[  OK  ] Reached target Login Prompts.
[  OK  ] Reached target Multi-User System.
[  OK  ] Reached target Graphical Interface.
         Starting Update UTMP about System Runlevel Changes...
[  OK  ] Started Update UTMP about System Runlevel Changes.

Debian GNU/Linux 9 syzkaller ttyS0

Warning: Permanently added '10.128.1.3' (ECDSA) to the list of known hosts.
2020/11/25 00:24:55 fuzzer started
2020/11/25 00:24:55 dialing manager at 10.128.0.105:46133
2020/11/25 00:24:55 syscalls: 3448
2020/11/25 00:24:55 code coverage: enabled
2020/11/25 00:24:55 comparison tracing: enabled
2020/11/25 00:24:55 extra coverage: enabled
2020/11/25 00:24:55 setuid sandbox: enabled
2020/11/25 00:24:55 namespace sandbox: enabled
2020/11/25 00:24:55 Android sandbox: /sys/fs/selinux/policy does not exist
2020/11/25 00:24:55 fault injection: enabled
2020/11/25 00:24:55 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/11/25 00:24:55 net packet injection: enabled
2020/11/25 00:24:55 net device setup: enabled
2020/11/25 00:24:55 concurrency sanitizer: enabled
2020/11/25 00:24:55 devlink PCI setup: PCI device 0000:00:10.0 is not available
2020/11/25 00:24:55 USB emulation: enabled
2020/11/25 00:24:55 hci packet injection: enabled
2020/11/25 00:24:55 wifi device emulation: enabled
2020/11/25 00:24:59 suppressing KCSAN reports in functions: 'blk_mq_dispatch_rq_list' 'alloc_pid' '__io_cqring_fill_event' 'fifo_open' '__ext4_update_other_inode_time' 'ext4_mark_iloc_dirty' '__add_to_page_cache_locked' 'wbt_done' 'shmem_unlink' '__ext4_new_inode' '_prb_read_valid' 'dd_has_work' 'do_nanosleep' 'expire_timers' 'ext4_mb_good_group' 'kauditd_thread' 'xas_clear_mark' 'ext4_free_inode' 'generic_file_buffered_read' 'wg_packet_decrypt_worker' 'pcpu_alloc' 'snd_rawmidi_poll' 'do_select' '__send_signal' '__delete_from_page_cache' 'io_sq_thread' 'find_get_pages_range_tag' 'n_tty_receive_buf_common' 'tick_nohz_stop_tick' 'do_exit' '__mod_timer' 'filemap_map_pages' 'exit_mm' 'ext4_free_inodes_count' 'complete_signal' 'blk_mq_do_dispatch_sched' 'snd_rawmidi_kernel_write1' 'generic_write_end' 'do_sys_poll' 'blk_mq_sched_dispatch_requests' 'futex_wait_queue_me' '__xa_clear_mark' 'blk_mq_rq_ctx_init' 'ext4_mb_find_by_goal' 'ext4_mb_regular_allocator' 
00:26:26 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r3, &(0x7f0000000380)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x29}}, 0x10)
setsockopt$sock_int(r3, 0x1, 0x6, &(0x7f0000000140)=0x32, 0x4)
connect$inet(r3, &(0x7f0000000200)={0x2, 0x0, @broadcast}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000003c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@access_client='access=client'}, {@cache_mmap='cache=mmap'}]}})

00:26:26 executing program 1:
syz_emit_ethernet(0x6e, &(0x7f0000000380)={@link_local, @random="fcffffff2d00", @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\f-f', 0x38, 0x3a, 0xff, @private0, @mcast2, {[], @ndisc_na={0x88, 0x0, 0x0, 0x0, [], @initdev={0xfe, 0x88, [], 0x0, 0x0}, [{0x4, 0x3, "094dd99dfc300b5cc9723b8e9091580e22d8ac239e30"}, {0x4, 0x1, "f141a67339b7"}]}}}}}}, 0x0)

00:26:26 executing program 2:
r0 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE_OLD(r0, 0x80184132, &(0x7f0000000040))

00:26:26 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000100)=ANY=[@ANYBLOB="4c0000001000050700"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800b0001006d616373656300001c00028005000c0001009f00080025000000000005000d"], 0x4c}}, 0x0)

00:26:26 executing program 4:
syz_mount_image$hfsplus(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = inotify_init()
inotify_add_watch(r0, &(0x7f0000000240)='.\x00', 0xc3000483)
inotify_add_watch(r0, &(0x7f00000000c0)='./file0\x00', 0x41000004)
r1 = inotify_init()
inotify_add_watch(r1, &(0x7f0000000080)='.\x00', 0xfe)
lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='security.capability\x00', 0x0, 0x0, 0x0)

00:26:27 executing program 5:
r0 = gettid()
prctl$PR_SET_PTRACER(0x59616d61, r0)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000240)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x82, 0x82, 0x7, [@func_proto={0x0, 0x4, 0x0, 0xd, 0x0, [{}, {}, {}, {}]}, @datasec={0x0, 0x0, 0x0, 0xf, 0x1, [], "fd"}, @datasec={0x0, 0x2, 0x0, 0xf, 0x1, [{}, {}], "1d"}, @volatile, @fwd, @typedef]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x0, 0xa3}, 0x20)
r1 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000200)="0f34", 0x2}], 0x1, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000380)=""/67, 0x43}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)

syzkaller login: [  121.581052][ T8467] IPVS: ftp: loaded support on port[0] = 21
[  121.657872][ T8467] chnl_net:caif_netlink_parms(): no params data found
[  121.686460][ T8467] bridge0: port 1(bridge_slave_0) entered blocking state
[  121.694074][ T8467] bridge0: port 1(bridge_slave_0) entered disabled state
[  121.701767][ T8467] device bridge_slave_0 entered promiscuous mode
[  121.709285][ T8467] bridge0: port 2(bridge_slave_1) entered blocking state
[  121.716306][ T8467] bridge0: port 2(bridge_slave_1) entered disabled state
[  121.732247][ T8467] device bridge_slave_1 entered promiscuous mode
[  121.746581][ T8467] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  121.777610][ T8467] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  121.800913][ T8467] team0: Port device team_slave_0 added
[  121.809035][ T8467] team0: Port device team_slave_1 added
[  121.819982][ T8469] IPVS: ftp: loaded support on port[0] = 21
[  121.823487][ T8467] batman_adv: batadv0: Adding interface: batadv_slave_0
[  121.833331][ T8467] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  121.859752][ T8467] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  121.872603][ T8467] batman_adv: batadv0: Adding interface: batadv_slave_1
[  121.879670][ T8467] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  121.907208][ T8467] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  121.940412][ T8471] IPVS: ftp: loaded support on port[0] = 21
[  121.950778][ T8467] device hsr_slave_0 entered promiscuous mode
[  121.958172][ T8467] device hsr_slave_1 entered promiscuous mode
[  122.034404][ T8469] chnl_net:caif_netlink_parms(): no params data found
[  122.106193][ T8473] IPVS: ftp: loaded support on port[0] = 21
[  122.121575][ T8467] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  122.131878][ T8467] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  122.153281][ T8471] chnl_net:caif_netlink_parms(): no params data found
[  122.165401][ T8467] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  122.181538][ T8469] bridge0: port 1(bridge_slave_0) entered blocking state
[  122.188963][ T8469] bridge0: port 1(bridge_slave_0) entered disabled state
[  122.196495][ T8469] device bridge_slave_0 entered promiscuous mode
[  122.218963][ T8467] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  122.232550][ T8469] bridge0: port 2(bridge_slave_1) entered blocking state
[  122.239633][ T8469] bridge0: port 2(bridge_slave_1) entered disabled state
[  122.255785][ T8469] device bridge_slave_1 entered promiscuous mode
[  122.277805][ T8469] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  122.294427][ T8475] IPVS: ftp: loaded support on port[0] = 21
[  122.327432][ T8469] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  122.345635][ T8469] team0: Port device team_slave_0 added
[  122.360177][ T8469] team0: Port device team_slave_1 added
[  122.376302][ T8473] chnl_net:caif_netlink_parms(): no params data found
[  122.393185][ T8467] bridge0: port 2(bridge_slave_1) entered blocking state
[  122.400281][ T8467] bridge0: port 2(bridge_slave_1) entered forwarding state
[  122.407525][ T8467] bridge0: port 1(bridge_slave_0) entered blocking state
[  122.414553][ T8467] bridge0: port 1(bridge_slave_0) entered forwarding state
[  122.442698][ T8471] bridge0: port 1(bridge_slave_0) entered blocking state
[  122.449887][ T8471] bridge0: port 1(bridge_slave_0) entered disabled state
[  122.457423][ T8471] device bridge_slave_0 entered promiscuous mode
[  122.464583][ T8469] batman_adv: batadv0: Adding interface: batadv_slave_0
[  122.471669][ T8469] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  122.498353][ T8469] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  122.516513][ T8471] bridge0: port 2(bridge_slave_1) entered blocking state
[  122.517320][ T8477] IPVS: ftp: loaded support on port[0] = 21
[  122.524074][ T8471] bridge0: port 2(bridge_slave_1) entered disabled state
[  122.537061][ T8471] device bridge_slave_1 entered promiscuous mode
[  122.546868][ T8469] batman_adv: batadv0: Adding interface: batadv_slave_1
[  122.554125][ T8469] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  122.580484][ T8469] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  122.613054][ T8471] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  122.638025][ T8471] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  122.673923][ T8471] team0: Port device team_slave_0 added
[  122.683012][ T8473] bridge0: port 1(bridge_slave_0) entered blocking state
[  122.690443][ T8473] bridge0: port 1(bridge_slave_0) entered disabled state
[  122.697983][ T8473] device bridge_slave_0 entered promiscuous mode
[  122.706321][ T8469] device hsr_slave_0 entered promiscuous mode
[  122.712769][ T8469] device hsr_slave_1 entered promiscuous mode
[  122.719651][ T8469] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  122.727427][ T8469] Cannot create hsr debugfs directory
[  122.733157][   T55] bridge0: port 1(bridge_slave_0) entered disabled state
[  122.741369][   T55] bridge0: port 2(bridge_slave_1) entered disabled state
[  122.778437][ T8471] team0: Port device team_slave_1 added
[  122.784103][ T8473] bridge0: port 2(bridge_slave_1) entered blocking state
[  122.791694][ T8473] bridge0: port 2(bridge_slave_1) entered disabled state
[  122.799252][ T8473] device bridge_slave_1 entered promiscuous mode
[  122.814826][ T8473] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  122.826142][ T8473] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  122.843467][ T8467] 8021q: adding VLAN 0 to HW filter on device bond0
[  122.858175][ T8475] chnl_net:caif_netlink_parms(): no params data found
[  122.876858][ T8477] chnl_net:caif_netlink_parms(): no params data found
[  122.889618][ T8473] team0: Port device team_slave_0 added
[  122.896235][ T8473] team0: Port device team_slave_1 added
[  122.902598][ T8471] batman_adv: batadv0: Adding interface: batadv_slave_0
[  122.909685][ T8471] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  122.935596][ T8471] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  122.947168][ T8471] batman_adv: batadv0: Adding interface: batadv_slave_1
[  122.954217][ T8471] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  122.980358][ T8471] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  123.019216][ T3129] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  123.026700][ T3129] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  123.038681][ T8467] 8021q: adding VLAN 0 to HW filter on device team0
[  123.046356][ T8473] batman_adv: batadv0: Adding interface: batadv_slave_0
[  123.053780][ T8473] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  123.079901][ T8473] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  123.100120][ T8471] device hsr_slave_0 entered promiscuous mode
[  123.106520][ T8471] device hsr_slave_1 entered promiscuous mode
[  123.112853][ T8471] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  123.120487][ T8471] Cannot create hsr debugfs directory
[  123.131129][ T8473] batman_adv: batadv0: Adding interface: batadv_slave_1
[  123.138256][ T8473] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  123.164504][ T8473] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  123.197027][ T8469] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  123.207933][ T8469] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  123.217953][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  123.226419][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  123.235131][    T5] bridge0: port 1(bridge_slave_0) entered blocking state
[  123.242189][    T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[  123.250137][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  123.258965][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  123.267404][    T5] bridge0: port 2(bridge_slave_1) entered blocking state
[  123.274502][    T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[  123.282181][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  123.291104][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  123.319331][ T8469] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  123.328458][ T4912] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  123.336772][ T4912] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  123.345558][ T4912] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  123.354265][ T4912] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  123.363293][ T8475] bridge0: port 1(bridge_slave_0) entered blocking state
[  123.370624][ T8475] bridge0: port 1(bridge_slave_0) entered disabled state
[  123.378161][ T8475] device bridge_slave_0 entered promiscuous mode
[  123.389546][ T8473] device hsr_slave_0 entered promiscuous mode
[  123.397183][ T8473] device hsr_slave_1 entered promiscuous mode
[  123.403784][ T8473] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  123.412028][ T8473] Cannot create hsr debugfs directory
[  123.420555][ T8469] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  123.431225][ T4912] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  123.440598][ T4912] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  123.449048][ T4912] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  123.457262][ T8475] bridge0: port 2(bridge_slave_1) entered blocking state
[  123.464612][ T8475] bridge0: port 2(bridge_slave_1) entered disabled state
[  123.472103][ T8475] device bridge_slave_1 entered promiscuous mode
[  123.482023][ T8477] bridge0: port 1(bridge_slave_0) entered blocking state
[  123.489846][ T8477] bridge0: port 1(bridge_slave_0) entered disabled state
[  123.498251][ T8477] device bridge_slave_0 entered promiscuous mode
[  123.506942][ T8477] bridge0: port 2(bridge_slave_1) entered blocking state
[  123.514426][ T8477] bridge0: port 2(bridge_slave_1) entered disabled state
[  123.522287][ T8477] device bridge_slave_1 entered promiscuous mode
[  123.538401][ T8477] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  123.550852][ T8477] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  123.577981][   T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  123.586145][   T55] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  123.600794][ T8475] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  123.612292][ T8467] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  123.628056][ T8475] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  123.637645][ T3848] Bluetooth: hci0: command 0x0409 tx timeout
[  123.638443][ T8477] team0: Port device team_slave_0 added
[  123.653422][ T8477] team0: Port device team_slave_1 added
[  123.672519][ T8475] team0: Port device team_slave_0 added
[  123.685474][ T8475] team0: Port device team_slave_1 added
[  123.702252][ T8471] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  123.727949][ T8477] batman_adv: batadv0: Adding interface: batadv_slave_0
[  123.734896][ T8477] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  123.761729][ T8477] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  123.772670][ T8471] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  123.784043][ T8471] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  123.793603][ T8473] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  123.801222][ T4912] Bluetooth: hci1: command 0x0409 tx timeout
[  123.808851][ T8473] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  123.818581][ T8477] batman_adv: batadv0: Adding interface: batadv_slave_1
[  123.826359][ T8477] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  123.852951][ T8477] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  123.866150][ T8475] batman_adv: batadv0: Adding interface: batadv_slave_0
[  123.873269][ T8475] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  123.899697][ T8475] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  123.912008][ T8475] batman_adv: batadv0: Adding interface: batadv_slave_1
[  123.919007][ T8475] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  123.944989][ T8475] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  123.955949][ T8471] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  123.963757][ T3848] Bluetooth: hci2: command 0x0409 tx timeout
[  123.976743][ T8473] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  123.985506][ T8473] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  123.999415][ T3848] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  124.007718][ T3848] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  124.024479][ T8469] 8021q: adding VLAN 0 to HW filter on device bond0
[  124.037320][ T8467] 8021q: adding VLAN 0 to HW filter on device batadv0
[  124.061925][ T8469] 8021q: adding VLAN 0 to HW filter on device team0
[  124.075521][ T8475] device hsr_slave_0 entered promiscuous mode
[  124.082291][ T8475] device hsr_slave_1 entered promiscuous mode
[  124.089181][ T8475] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  124.096727][ T8475] Cannot create hsr debugfs directory
[  124.104400][ T3129] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  124.112363][ T3129] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  124.120298][ T3129] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  124.127360][   T55] Bluetooth: hci3: command 0x0409 tx timeout
[  124.129302][ T3129] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  124.142690][ T3129] bridge0: port 1(bridge_slave_0) entered blocking state
[  124.149728][ T3129] bridge0: port 1(bridge_slave_0) entered forwarding state
[  124.157616][ T3129] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  124.166095][ T3129] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  124.174527][ T3129] bridge0: port 2(bridge_slave_1) entered blocking state
[  124.181648][ T3129] bridge0: port 2(bridge_slave_1) entered forwarding state
[  124.191247][ T8477] device hsr_slave_0 entered promiscuous mode
[  124.198381][ T8477] device hsr_slave_1 entered promiscuous mode
[  124.205592][ T8477] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  124.213820][ T8477] Cannot create hsr debugfs directory
[  124.249340][ T9509] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  124.257956][ T9509] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  124.266521][ T9509] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  124.275449][ T9509] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  124.284616][ T9509] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  124.293655][ T9509] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  124.302454][ T9509] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  124.316665][ T4912] Bluetooth: hci4: command 0x0409 tx timeout
[  124.328358][ T4912] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  124.336304][ T4912] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  124.348756][ T4912] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  124.358001][ T4912] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  124.366559][ T4912] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  124.386286][ T8469] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  124.398375][ T8469] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  124.412868][ T8467] device veth0_vlan entered promiscuous mode
[  124.419556][   T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  124.428347][   T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  124.436750][   T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  124.445295][   T55] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  124.453710][   T55] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  124.463523][   T55] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  124.471320][   T55] Bluetooth: hci5: command 0x0409 tx timeout
[  124.473720][ T8471] 8021q: adding VLAN 0 to HW filter on device bond0
[  124.491621][ T8477] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  124.500530][ T8477] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  124.520685][ T8477] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  124.531638][ T8477] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  124.544637][ T8471] 8021q: adding VLAN 0 to HW filter on device team0
[  124.553769][ T3848] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  124.561734][ T3848] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  124.570836][ T3848] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  124.578736][ T3848] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  124.589486][ T8469] 8021q: adding VLAN 0 to HW filter on device batadv0
[  124.599014][ T8467] device veth1_vlan entered promiscuous mode
[  124.633834][ T4912] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  124.642697][ T4912] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  124.651012][ T4912] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  124.660153][ T4912] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  124.669020][ T4912] bridge0: port 1(bridge_slave_0) entered blocking state
[  124.676212][ T4912] bridge0: port 1(bridge_slave_0) entered forwarding state
[  124.684246][ T4912] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  124.692789][ T4912] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  124.702447][ T4912] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  124.713152][ T8475] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  124.733228][ T3848] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  124.743184][ T3848] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  124.751686][ T3848] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  124.760709][ T3848] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  124.769132][ T3848] bridge0: port 2(bridge_slave_1) entered blocking state
[  124.776265][ T3848] bridge0: port 2(bridge_slave_1) entered forwarding state
[  124.785916][ T8467] device veth0_macvtap entered promiscuous mode
[  124.792800][ T8475] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  124.802238][ T8475] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  124.816353][ T8473] 8021q: adding VLAN 0 to HW filter on device bond0
[  124.833065][ T9219] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  124.842265][ T9219] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  124.851204][ T9219] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  124.860024][ T9219] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  124.869015][ T9219] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  124.878589][ T9219] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  124.886238][ T9219] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  124.894125][ T8475] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  124.902753][ T8467] device veth1_macvtap entered promiscuous mode
[  124.913850][ T8469] device veth0_vlan entered promiscuous mode
[  124.927551][ T9219] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  124.936506][ T9219] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  124.945685][ T9219] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  124.954536][ T9219] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  124.963248][ T9219] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  124.971000][ T9219] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  124.984313][ T8467] batman_adv: batadv0: Interface activated: batadv_slave_0
[  124.994845][ T8467] batman_adv: batadv0: Interface activated: batadv_slave_1
[  125.003954][ T8473] 8021q: adding VLAN 0 to HW filter on device team0
[  125.012498][ T9219] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  125.020320][ T9219] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  125.029001][ T9219] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  125.037752][ T9219] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  125.046087][ T9219] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  125.055016][ T9219] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  125.063536][ T9219] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  125.075026][ T8469] device veth1_vlan entered promiscuous mode
[  125.084435][ T8467] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  125.093971][ T8467] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  125.102925][ T8467] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  125.111934][ T8467] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  125.125270][ T8471] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  125.137095][ T8471] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  125.159057][   T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  125.169992][   T55] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  125.178543][   T55] bridge0: port 1(bridge_slave_0) entered blocking state
[  125.185544][   T55] bridge0: port 1(bridge_slave_0) entered forwarding state
[  125.194544][   T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  125.203146][   T55] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  125.212304][   T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  125.220855][   T55] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  125.229361][   T55] bridge0: port 2(bridge_slave_1) entered blocking state
[  125.236372][   T55] bridge0: port 2(bridge_slave_1) entered forwarding state
[  125.244298][   T55] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  125.278499][ T9509] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  125.289751][ T9509] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  125.298579][ T9509] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  125.306976][ T9509] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  125.317422][ T9509] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  125.325877][ T9509] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  125.334800][ T9509] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  125.342517][ T9509] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  125.350796][ T9509] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  125.366169][ T8473] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  125.376900][ T8473] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  125.399910][ T8477] 8021q: adding VLAN 0 to HW filter on device bond0
[  125.412596][ T8469] device veth0_macvtap entered promiscuous mode
[  125.420580][ T4912] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  125.429214][ T4912] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  125.437942][ T4912] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  125.446598][ T4912] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  125.455041][ T4912] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  125.464453][ T4912] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  125.473040][ T4912] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  125.480756][ T4912] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  125.490995][ T8471] 8021q: adding VLAN 0 to HW filter on device batadv0
[  125.504643][ T8469] device veth1_macvtap entered promiscuous mode
[  125.520115][    T8] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  125.529268][    T8] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  125.549196][ T4912] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  125.556903][ T4912] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  125.566352][ T4912] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  125.574501][ T4912] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  125.584282][ T4912] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  125.592831][ T4912] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  125.602302][ T8477] 8021q: adding VLAN 0 to HW filter on device team0
[  125.627271][ T9786] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  125.635664][ T9786] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  125.644020][ T9786] bridge0: port 1(bridge_slave_0) entered blocking state
[  125.651694][ T9786] bridge0: port 1(bridge_slave_0) entered forwarding state
[  125.659762][ T9786] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  125.668183][ T9786] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  125.676303][ T9786] bridge0: port 2(bridge_slave_1) entered blocking state
[  125.683331][ T9786] bridge0: port 2(bridge_slave_1) entered forwarding state
[  125.691137][ T9786] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  125.699829][ T9786] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  125.708347][ T9786] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  125.718717][ T3848] Bluetooth: hci0: command 0x041b tx timeout
[  125.723125][ T8469] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  125.727500][ T3165] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  125.736361][ T8469] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  125.753690][ T3165] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  125.754659][ T8469] batman_adv: batadv0: Interface activated: batadv_slave_0
[  125.770921][ T8469] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  125.781463][ T8469] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  125.792196][ T8469] batman_adv: batadv0: Interface activated: batadv_slave_1
[  125.807980][ T8473] 8021q: adding VLAN 0 to HW filter on device batadv0
[  125.815322][ T3129] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  125.823684][ T3129] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  125.832751][ T3129] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  125.841494][ T3129] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  125.850044][ T3129] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  125.858614][ T3129] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  125.869960][ T8469] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  125.879669][ T3129] Bluetooth: hci1: command 0x041b tx timeout
[  125.882373][ T8469] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  125.895967][ T8469] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  125.905421][ T8469] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  125.922800][ T8475] 8021q: adding VLAN 0 to HW filter on device bond0
00:26:31 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r3, &(0x7f0000000380)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x29}}, 0x10)
setsockopt$sock_int(r3, 0x1, 0x6, &(0x7f0000000140)=0x32, 0x4)
connect$inet(r3, &(0x7f0000000200)={0x2, 0x0, @broadcast}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000003c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@access_client='access=client'}, {@cache_mmap='cache=mmap'}]}})

[  125.932445][ T3848] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  125.941620][ T3848] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  125.968045][ T3848] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
00:26:31 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r3, &(0x7f0000000380)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x29}}, 0x10)
setsockopt$sock_int(r3, 0x1, 0x6, &(0x7f0000000140)=0x32, 0x4)
connect$inet(r3, &(0x7f0000000200)={0x2, 0x0, @broadcast}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000003c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@access_client='access=client'}, {@cache_mmap='cache=mmap'}]}})

[  125.990609][ T3848] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  126.001523][ T3848] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  126.009680][ T3848] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  126.036693][ T3848] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  126.045713][ T3848] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  126.054529][ T3848] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  126.063178][ T3848] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  126.073068][ T3848] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  126.081548][ T3848] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  126.090103][ T3848] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  126.098829][   T55] Bluetooth: hci2: command 0x041b tx timeout
[  126.118860][ T8471] device veth0_vlan entered promiscuous mode
[  126.130688][ T8477] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
00:26:31 executing program 0:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r3, &(0x7f0000000380)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x29}}, 0x10)
setsockopt$sock_int(r3, 0x1, 0x6, &(0x7f0000000140)=0x32, 0x4)
connect$inet(r3, &(0x7f0000000200)={0x2, 0x0, @broadcast}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000003c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@access_client='access=client'}, {@cache_mmap='cache=mmap'}]}})

[  126.149708][ T9219] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  126.169399][ T8475] 8021q: adding VLAN 0 to HW filter on device team0
00:26:32 executing program 0:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xffffffff)
mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000180)='\x00\x00\x00\x01\x00\x00\x00\x05\x00x\x92\x12\xbc\x06^\xbewV\xf3\xb3\xa4e\xfb\xc5}\x9c\"\xc4\x04\xbb\x0642\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|b\xe2\xff\xee\xc4\x93Q\x82\x16\xbf\xe3c\x8d \x0f\xb1\xe9\xf2oci(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafdd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\xd0\x9e}\x89\xff\x8c')
ioctl$ASHMEM_SET_NAME(r0, 0x7709, &(0x7f0000000040))

[  126.197746][   T55] Bluetooth: hci3: command 0x041b tx timeout
[  126.204255][ T3848] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  126.217272][ T3848] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  126.225955][ T3848] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  126.235919][ T3848] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
00:26:32 executing program 0:
r0 = socket$inet6(0xa, 0x80001, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x2, r3}]}}}]}, 0x38}}, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(r0, 0x8918, &(0x7f0000000000)={@loopback={0x0, 0x300}, 0x0, r3})

[  126.249825][ T8471] device veth1_vlan entered promiscuous mode
[  126.273894][ T8477] 8021q: adding VLAN 0 to HW filter on device batadv0
[  126.308316][ T9219] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  126.332642][ T9219] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  126.342427][ T9219] bridge0: port 1(bridge_slave_0) entered blocking state
[  126.349492][ T9219] bridge0: port 1(bridge_slave_0) entered forwarding state
[  126.357663][ T3129] Bluetooth: hci4: command 0x041b tx timeout
[  126.359968][ T9219] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  126.382652][ T9219] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  126.391636][ T9219] bridge0: port 2(bridge_slave_1) entered blocking state
[  126.398676][ T9219] bridge0: port 2(bridge_slave_1) entered forwarding state
[  126.408570][ T9219] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  126.425510][ T9219] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  126.435133][ T9219] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  126.443746][ T9219] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  126.470082][ T8473] device veth0_vlan entered promiscuous mode
[  126.480593][ T9558] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  126.490169][ T9558] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  126.498596][ T9558] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  126.506236][ T9558] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  126.515920][ T9558] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  126.517323][ T3129] Bluetooth: hci5: command 0x041b tx timeout
[  126.525408][ T9558] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  126.538394][ T9558] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  126.553137][ T8473] device veth1_vlan entered promiscuous mode
00:26:32 executing program 0:
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="2c0000001600ff01000000000014b2000a"], 0x2c}}, 0x0)
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f00000000c0)={0x7ff}, 0x10)
sendmmsg$alg(r0, &(0x7f0000000140), 0x4924b68, 0x0)

[  126.564616][ T8471] device veth0_macvtap entered promiscuous mode
[  126.574783][ T8471] device veth1_macvtap entered promiscuous mode
[  126.593254][ T3165] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  126.598470][ T9219] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  126.613858][ T3165] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  126.621766][ T9219] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  126.635169][ T9219] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  126.643280][ T9219] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  126.657654][ T9219] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  126.666124][ T9219] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  126.676783][ T9219] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  126.686575][ T9219] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  126.701884][ T8475] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  126.712415][ T8475] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  126.728856][ T8471] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  126.739552][ T8471] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  126.749866][ T8471] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  126.760688][ T8471] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  126.771957][ T8471] batman_adv: batadv0: Interface activated: batadv_slave_0
[  126.779468][ T9851] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[  126.794269][ T9558] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  126.802460][ T9558] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  126.811435][ T9558] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  126.820483][ T9558] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  126.828928][ T9558] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  126.837349][ T9558] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  126.845547][ T9558] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  126.854257][ T9558] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  126.870604][    T8] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  126.878345][ T8471] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  126.879016][    T8] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  126.891453][ T8471] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  126.907016][ T8471] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
00:26:32 executing program 0:
r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000740)='/proc/capi/capi20ncci\x00', 0x200000, 0x0)
timerfd_gettime(r0, 0x0)

[  126.919061][ T8471] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  126.930343][ T8471] batman_adv: batadv0: Interface activated: batadv_slave_1
[  126.944295][ T9558] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  126.953908][ T9558] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  126.971587][ T9558] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  126.983206][ T9558] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  126.998702][ T9558] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  127.011234][ T9558] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  127.037146][ T3848] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  127.045610][ T3848] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  127.055523][ T3848] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  127.064320][ T3848] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  127.076879][ T8475] 8021q: adding VLAN 0 to HW filter on device batadv0
00:26:32 executing program 1:
syz_emit_ethernet(0x6e, &(0x7f0000000380)={@link_local, @random="fcffffff2d00", @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\f-f', 0x38, 0x3a, 0xff, @private0, @mcast2, {[], @ndisc_na={0x88, 0x0, 0x0, 0x0, [], @initdev={0xfe, 0x88, [], 0x0, 0x0}, [{0x4, 0x3, "094dd99dfc300b5cc9723b8e9091580e22d8ac239e30"}, {0x4, 0x1, "f141a67339b7"}]}}}}}}, 0x0)

[  127.098660][ T8473] device veth0_macvtap entered promiscuous mode
[  127.116321][ T8471] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  127.125869][ T8471] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  127.144123][ T8471] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  127.164876][ T8471] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  127.184714][ T3129] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  127.194086][ T3129] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  127.203159][ T3129] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  127.214674][ T8477] device veth0_vlan entered promiscuous mode
[  127.224747][ T8473] device veth1_macvtap entered promiscuous mode
[  127.235563][ T3129] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  127.244501][ T3129] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  127.254019][ T3129] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  127.279806][ T8477] device veth1_vlan entered promiscuous mode
[  127.295638][ T8473] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  127.306391][ T8473] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  127.316918][ T8473] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  127.328098][ T8473] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  127.338289][ T8473] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  127.348713][ T8473] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  127.359587][ T8473] batman_adv: batadv0: Interface activated: batadv_slave_0
[  127.371925][ T9786] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  127.379847][ T9786] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  127.388361][ T9786] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  127.396936][ T9786] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  127.405918][ T9786] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  127.427204][ T3129] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  127.435145][ T3129] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  127.443636][ T3129] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  127.456076][ T8473] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  127.466845][ T8473] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  127.477704][ T8473] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  127.488338][ T8473] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  127.498690][ T8473] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  127.509255][ T8473] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  127.520323][ T8473] batman_adv: batadv0: Interface activated: batadv_slave_1
[  127.529544][ T8475] device veth0_vlan entered promiscuous mode
[  127.536087][ T9786] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  127.543876][ T9786] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  127.551459][ T9786] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  127.560014][ T9786] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  127.587673][ T8473] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  127.596407][ T8473] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  127.607692][ T8473] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  127.616540][ T8473] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  127.632647][ T8477] device veth0_macvtap entered promiscuous mode
[  127.649739][ T8475] device veth1_vlan entered promiscuous mode
[  127.657115][    T8] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  127.665089][    T8] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  127.675324][   T21] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  127.684800][ T9219] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  127.687622][   T21] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  127.696213][ T9219] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  127.710520][ T9219] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  127.719463][ T9219] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  127.727333][ T9219] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  127.735629][ T9219] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  127.747210][ T8477] device veth1_macvtap entered promiscuous mode
00:26:33 executing program 2:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000003f00)={0x0, 0x0, &(0x7f0000003ec0)=[{&(0x7f0000001b40)={0x1c, 0x1e, 0x1, 0x0, 0x0, "", [@generic="0c0000000000e00000"]}, 0x1c}], 0x1}, 0x0)

[  127.797652][ T9786] Bluetooth: hci0: command 0x040f tx timeout
[  127.834110][ T8475] device veth0_macvtap entered promiscuous mode
[  127.850862][ T8477] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  127.862907][ T8477] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  127.873058][ T8477] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  127.892646][ T8477] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  127.902814][ T8477] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  127.915545][ T8477] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  127.925414][ T8477] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  127.936127][ T8477] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  127.947598][ T8477] batman_adv: batadv0: Interface activated: batadv_slave_0
[  127.956314][ T4912] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  127.965213][ T4912] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  127.973187][    T7] Bluetooth: hci1: command 0x040f tx timeout
[  127.980799][ T4912] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  127.989311][ T4912] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  127.999348][ T4912] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  128.007948][ T4912] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  128.016343][ T4912] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  128.025888][    T8] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  128.042507][ T8475] device veth1_macvtap entered promiscuous mode
[  128.043529][    T8] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  128.058135][ T8477] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  128.084730][ T8477] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.095676][ T8477] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  128.107890][ T8477] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.118113][    T7] Bluetooth: hci2: command 0x040f tx timeout
[  128.126054][ T8477] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  128.137943][ T8477] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.148217][ T8477] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  128.158781][ T8477] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.169587][ T8477] batman_adv: batadv0: Interface activated: batadv_slave_1
[  128.185680][ T8475] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  128.196225][ T8475] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.207486][ T8475] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  128.218407][ T8475] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.228249][ T8475] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  128.238844][ T8475] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.249310][ T8475] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  128.260270][ T8475] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.270330][ T8475] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  128.280888][    T7] Bluetooth: hci3: command 0x040f tx timeout
[  128.281317][ T8475] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.299298][ T8475] batman_adv: batadv0: Interface activated: batadv_slave_0
[  128.309289][ T9786] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  128.316872][ T9786] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  128.327466][ T9786] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  128.335965][ T9786] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  128.345688][ T9786] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  128.356870][ T8477] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  128.365933][ T8477] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  128.374797][ T8477] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  128.383672][ T8477] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  128.399977][ T8475] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  128.407085][    T8] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  128.412768][ T8475] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.420001][    T8] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  128.430624][ T8475] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  128.437406][ T4912] Bluetooth: hci4: command 0x040f tx timeout
[  128.447420][ T8475] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.463481][ T8475] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  128.474014][ T8475] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.484124][ T8475] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  128.495158][ T8475] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.505105][ T8475] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  128.515725][ T8475] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.527694][ T8475] batman_adv: batadv0: Interface activated: batadv_slave_1
[  128.541849][ T4912] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  128.550596][ T4912] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  128.559714][ T4912] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  128.593060][ T8475] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
00:26:34 executing program 3:
mkdir(&(0x7f00000009c0)='./file1\x00', 0x0)
setxattr$system_posix_acl(&(0x7f0000000580)='./file1\x00', &(0x7f00000005c0)='system.posix_acl_default\x00', &(0x7f0000000c40)=ANY=[@ANYBLOB="02000000010000000000000002000000", @ANYRES32=0x0, @ANYBLOB="02000000", @ANYRES32=0x0, @ANYBLOB="040000000000040008000000", @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="100000000000000020"], 0x5c, 0x0)
mknod(&(0x7f00000002c0)='./file1/file0\x00', 0x0, 0x0)
lsetxattr$security_ima(&(0x7f0000000040)='./file1\x00', &(0x7f0000000080)='security.ima\x00', &(0x7f0000000200)=ANY=[], 0x9a, 0x0)

[  128.602467][ T9786] Bluetooth: hci5: command 0x040f tx timeout
[  128.603172][ T8475] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  128.630049][ T8475] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  128.642953][ T8475] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  128.684880][    T8] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  128.714473][    T8] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  128.741227][   T21] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  128.741891][ T9558] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  128.754558][   T21] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  128.776644][ T2971] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  128.789788][ T2971] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  128.791330][ T4912] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  128.819834][ T9219] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  128.832345][   T21] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  128.856301][   T21] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  128.864531][ T9558] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
00:26:34 executing program 4:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)={0x1c, 0x2, 0x3, 0x1, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup2(r1, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
pipe(&(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x14, 0x1, 0x3, 0x11}, 0x14}}, 0x0)
write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0xfd53)
splice(r3, 0x0, r0, 0x0, 0x400000, 0x0)

00:26:34 executing program 0:
r0 = creat(&(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000080)='./file1\x00', 0x0)
write$binfmt_elf64(r0, &(0x7f0000000080)=ANY=[], 0xffdbc494)
rename(&(0x7f0000000040)='./file0\x00', &(0x7f0000000240)='./file1/file0\x00')
clone(0x8000000000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
open(&(0x7f0000000180)='./file3\x00', 0x0, 0x0)
open(&(0x7f00000000c0)='./file1\x00', 0x902c0, 0x0)
symlink(&(0x7f0000000000)='./file3\x00', &(0x7f0000000140)='./file0\x00')

00:26:34 executing program 1:
syz_emit_ethernet(0x6e, &(0x7f0000000380)={@link_local, @random="fcffffff2d00", @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\f-f', 0x38, 0x3a, 0xff, @private0, @mcast2, {[], @ndisc_na={0x88, 0x0, 0x0, 0x0, [], @initdev={0xfe, 0x88, [], 0x0, 0x0}, [{0x4, 0x3, "094dd99dfc300b5cc9723b8e9091580e22d8ac239e30"}, {0x4, 0x1, "f141a67339b7"}]}}}}}}, 0x0)

00:26:34 executing program 2:
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
setsockopt$nfc_llcp_NFC_LLCP_RW(r0, 0x118, 0x0, 0x0, 0x0)

00:26:34 executing program 3:
mkdir(&(0x7f00000009c0)='./file1\x00', 0x0)
setxattr$system_posix_acl(&(0x7f0000000580)='./file1\x00', &(0x7f00000005c0)='system.posix_acl_default\x00', &(0x7f0000000c40)=ANY=[@ANYBLOB="02000000010000000000000002000000", @ANYRES32=0x0, @ANYBLOB="02000000", @ANYRES32=0x0, @ANYBLOB="040000000000040008000000", @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="100000000000000020"], 0x5c, 0x0)
mknod(&(0x7f00000002c0)='./file1/file0\x00', 0x0, 0x0)
lsetxattr$security_ima(&(0x7f0000000040)='./file1\x00', &(0x7f0000000080)='security.ima\x00', &(0x7f0000000200)=ANY=[], 0x9a, 0x0)

00:26:34 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=@newlink={0x3c, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_VFINFO_LIST={0x14, 0x16, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, [@IFLA_VF_TRUST={0xc, 0x3}]}]}]}, 0x3c}}, 0x0)

00:26:34 executing program 2:
r0 = syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0)
connect$nfc_raw(r0, &(0x7f0000000000)={0x27, 0x1}, 0x10)

00:26:34 executing program 3:
mkdir(&(0x7f00000009c0)='./file1\x00', 0x0)
setxattr$system_posix_acl(&(0x7f0000000580)='./file1\x00', &(0x7f00000005c0)='system.posix_acl_default\x00', &(0x7f0000000c40)=ANY=[@ANYBLOB="02000000010000000000000002000000", @ANYRES32=0x0, @ANYBLOB="02000000", @ANYRES32=0x0, @ANYBLOB="040000000000040008000000", @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="100000000000000020"], 0x5c, 0x0)
mknod(&(0x7f00000002c0)='./file1/file0\x00', 0x0, 0x0)
lsetxattr$security_ima(&(0x7f0000000040)='./file1\x00', &(0x7f0000000080)='security.ima\x00', &(0x7f0000000200)=ANY=[], 0x9a, 0x0)

00:26:34 executing program 1:
syz_emit_ethernet(0x6e, &(0x7f0000000380)={@link_local, @random="fcffffff2d00", @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\f-f', 0x38, 0x3a, 0xff, @private0, @mcast2, {[], @ndisc_na={0x88, 0x0, 0x0, 0x0, [], @initdev={0xfe, 0x88, [], 0x0, 0x0}, [{0x4, 0x3, "094dd99dfc300b5cc9723b8e9091580e22d8ac239e30"}, {0x4, 0x1, "f141a67339b7"}]}}}}}}, 0x0)

[  128.983509][ T9986] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
00:26:34 executing program 2:
r0 = syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0)
connect$nfc_raw(r0, &(0x7f0000000000)={0x27, 0x1}, 0x10)

00:26:34 executing program 5:
set_mempolicy(0x1, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x4b, &(0x7f00000005c0)=0x1, 0x4)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(r0, 0x29, 0x37, &(0x7f0000000080), 0x8)
sendmsg$inet6(r0, &(0x7f0000000000)={&(0x7f0000000040)={0xa, 0x4e22, 0x0, @local}, 0x1c, 0x0, 0x0, &(0x7f0000000180)=[@pktinfo={{0x24, 0x29, 0x32, {@mcast1={0xff, 0x5}}}}], 0x28}, 0x0)

00:26:34 executing program 4:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = dup(r0)
connect$unix(r1, &(0x7f0000000140)=@file={0x0, './file0\x00'}, 0x6e)
connect$unix(r1, &(0x7f00000000c0)=@abs, 0x6e)

00:26:34 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000400)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b22645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  129.215416][T10008] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  129.316098][    C1] hrtimer: interrupt took 25511 ns
[  129.323857][T10008] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns
[  129.341341][T10008] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  129.381486][T10013] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
00:26:35 executing program 0:
r0 = creat(&(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000080)='./file1\x00', 0x0)
write$binfmt_elf64(r0, &(0x7f0000000080)=ANY=[], 0xffdbc494)
rename(&(0x7f0000000040)='./file0\x00', &(0x7f0000000240)='./file1/file0\x00')
clone(0x8000000000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
open(&(0x7f0000000180)='./file3\x00', 0x0, 0x0)
open(&(0x7f00000000c0)='./file1\x00', 0x902c0, 0x0)
symlink(&(0x7f0000000000)='./file3\x00', &(0x7f0000000140)='./file0\x00')

00:26:35 executing program 3:
mkdir(&(0x7f00000009c0)='./file1\x00', 0x0)
setxattr$system_posix_acl(&(0x7f0000000580)='./file1\x00', &(0x7f00000005c0)='system.posix_acl_default\x00', &(0x7f0000000c40)=ANY=[@ANYBLOB="02000000010000000000000002000000", @ANYRES32=0x0, @ANYBLOB="02000000", @ANYRES32=0x0, @ANYBLOB="040000000000040008000000", @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="100000000000000020"], 0x5c, 0x0)
mknod(&(0x7f00000002c0)='./file1/file0\x00', 0x0, 0x0)
lsetxattr$security_ima(&(0x7f0000000040)='./file1\x00', &(0x7f0000000080)='security.ima\x00', &(0x7f0000000200)=ANY=[], 0x9a, 0x0)

00:26:35 executing program 5:
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x59, 0xdb, 0xf1, 0x40, 0x545, 0x8080, 0x2, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xdc, 0x30, 0x62}}]}}]}}, 0x0)

00:26:35 executing program 2:
r0 = syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0)
connect$nfc_raw(r0, &(0x7f0000000000)={0x27, 0x1}, 0x10)

00:26:35 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
fremovexattr(r0, &(0x7f0000000340)=@random={'security.', '!\x00'})

00:26:35 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000400)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b22645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  129.514251][   T34] audit: type=1804 audit(1606263995.305:2): pid=9995 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir483014328/syzkaller.aXmFVw/8/file3" dev="sda1" ino=15761 res=1 errno=0
00:26:35 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000400)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b22645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:35 executing program 3:
pselect6(0x40, &(0x7f0000000000)={0x0, 0x0, 0x8, 0xffffffffffffffe1, 0xfff, 0x0, 0x1}, &(0x7f0000000040)={0x7fffffff, 0x0, 0x100000001, 0xffff, 0x63a, 0x0, 0x6, 0x1d2}, &(0x7f0000000080)={0x0, 0x3, 0x5, 0x5, 0x80000000, 0x4, 0x0, 0x401}, 0x0, 0x0)
clone3(&(0x7f0000000480)={0x40000200, &(0x7f0000000180), &(0x7f00000001c0), &(0x7f0000000200), {0x3e}, &(0x7f0000000240)=""/171, 0xab, &(0x7f0000000300)=""/227, 0x0}, 0x58)

00:26:35 executing program 2:
r0 = syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0)
connect$nfc_raw(r0, &(0x7f0000000000)={0x27, 0x1}, 0x10)

[  129.599261][   T34] audit: type=1800 audit(1606263995.305:3): pid=9995 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed comm="syz-executor.0" name="file3" dev="sda1" ino=15761 res=0 errno=0
[  129.664647][T10047] IPVS: ftp: loaded support on port[0] = 21
[  129.686026][T10034] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns
[  129.704391][T10034] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
00:26:35 executing program 2:
syz_emit_ethernet(0x82, &(0x7f0000000000)={@empty=[0xff], @random="6c3ebfdecab1", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x74, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0xb, 0x0, 0x0, 0x0, 0x0, 0x0, {0x16, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @multicast1, @loopback, {[@ssrr={0x89, 0x3}, @noop, @cipso={0x86, 0xb, 0x0, [{0x0, 0x5, "3a61f2"}]}, @ra={0x94, 0x4}, @ssrr={0x89, 0x27, 0x0, [@rand_addr, @multicast1, @rand_addr, @empty, @multicast1, @remote, @initdev={0xac, 0x1e, 0x0, 0x0}, @initdev={0xac, 0x1e, 0x0, 0x0}, @private]}, @lsrr={0x83, 0x7, 0x0, [@broadcast]}]}}}}}}}, 0x0)

00:26:35 executing program 3:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000280)="1f5583624999c4665398664c3fd64362f39caf1701d25c2fd6d42bce84c2e238b5ea8de1fd6321452d791cc0576c8624862bd395fea6a640434269e5cc27d7b0ca5e61ca9762e563c2e3523a0000e3be874cf2646c739d187be7fede2e70abc9944edf099471021894a286200cf118fc95ffda3c5c7581968691a170393c69cfeba5233c29b98f50e172cb42ea3d704f245af0e736e383411995f63efc1ae8292ec68c3a835491f30f00", 0xaa}], 0x4, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x3c)
ptrace$cont(0x18, r0, 0x0, 0x0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x18, r0, 0x0, 0x0)

[  129.877738][    T7] Bluetooth: hci0: command 0x0419 tx timeout
[  129.883763][ T4912] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  129.894032][T10050] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns
00:26:35 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=@newlink={0x44, 0x10, 0x581, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9, 0x1, 'vlan\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8}]}, 0x44}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000140), 0x4924b68, 0x0)

[  129.929709][T10050] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  130.037652][    T7] Bluetooth: hci1: command 0x0419 tx timeout
00:26:35 executing program 0:
r0 = creat(&(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000080)='./file1\x00', 0x0)
write$binfmt_elf64(r0, &(0x7f0000000080)=ANY=[], 0xffdbc494)
rename(&(0x7f0000000040)='./file0\x00', &(0x7f0000000240)='./file1/file0\x00')
clone(0x8000000000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
open(&(0x7f0000000180)='./file3\x00', 0x0, 0x0)
open(&(0x7f00000000c0)='./file1\x00', 0x902c0, 0x0)
symlink(&(0x7f0000000000)='./file3\x00', &(0x7f0000000140)='./file0\x00')

00:26:35 executing program 2:
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x1c1005, 0x0)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000080))
write$dsp(r0, &(0x7f0000000100)="5d58aa2948ce3589fc379e9a45867d986145cf67be942e955c4fdb49297589ad8840d0d6b138880747fdf7c9354eb0114c349b0fc0babbd05c64538352edfd180b10b59f390b18798dd3128392bbec0cc170e03e38", 0x20000155)
ioctl$SNDCTL_DSP_RESET(r0, 0x5000, 0x0)

[  130.197345][    T7] Bluetooth: hci2: command 0x0419 tx timeout
[  130.267074][ T4912] usb 6-1: New USB device found, idVendor=0545, idProduct=8080, bcdDevice= 0.02
[  130.276124][ T4912] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  130.317237][ T4912] usb 6-1: config 0 descriptor??
[  130.361424][    T7] Bluetooth: hci3: command 0x0419 tx timeout
[  130.519043][ T4912] Bluetooth: hci4: command 0x0419 tx timeout
[  130.572271][ T9219] usb 6-1: USB disconnect, device number 2
[  130.680324][ T4912] Bluetooth: hci5: command 0x0419 tx timeout
[  131.366970][    T7] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  131.747159][    T7] usb 6-1: New USB device found, idVendor=0545, idProduct=8080, bcdDevice= 0.02
[  131.756337][    T7] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  131.766404][    T7] usb 6-1: config 0 descriptor??
00:26:37 executing program 5:
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x1c1005, 0x0)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000080))
write$dsp(r0, &(0x7f0000000100)="5d58aa2948ce3589fc379e9a45867d986145cf67be942e955c4fdb49297589ad8840d0d6b138880747fdf7c9354eb0114c349b0fc0babbd05c64538352edfd180b10b59f390b18798dd3128392bbec0cc170e03e38", 0x20000155)
ioctl$SNDCTL_DSP_RESET(r0, 0x5000, 0x0)

00:26:37 executing program 2:
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x1c1005, 0x0)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000080))
write$dsp(r0, &(0x7f0000000100)="5d58aa2948ce3589fc379e9a45867d986145cf67be942e955c4fdb49297589ad8840d0d6b138880747fdf7c9354eb0114c349b0fc0babbd05c64538352edfd180b10b59f390b18798dd3128392bbec0cc170e03e38", 0x20000155)
ioctl$SNDCTL_DSP_RESET(r0, 0x5000, 0x0)

00:26:37 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000400)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b22645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:37 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000400)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b22645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:37 executing program 0:
r0 = creat(&(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000080)='./file1\x00', 0x0)
write$binfmt_elf64(r0, &(0x7f0000000080)=ANY=[], 0xffdbc494)
rename(&(0x7f0000000040)='./file0\x00', &(0x7f0000000240)='./file1/file0\x00')
clone(0x8000000000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
open(&(0x7f0000000180)='./file3\x00', 0x0, 0x0)
open(&(0x7f00000000c0)='./file1\x00', 0x902c0, 0x0)
symlink(&(0x7f0000000000)='./file3\x00', &(0x7f0000000140)='./file0\x00')

[  132.016920][    T7] usb 6-1: USB disconnect, device number 3
00:26:37 executing program 2:
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x1c1005, 0x0)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000080))
write$dsp(r0, &(0x7f0000000100)="5d58aa2948ce3589fc379e9a45867d986145cf67be942e955c4fdb49297589ad8840d0d6b138880747fdf7c9354eb0114c349b0fc0babbd05c64538352edfd180b10b59f390b18798dd3128392bbec0cc170e03e38", 0x20000155)
ioctl$SNDCTL_DSP_RESET(r0, 0x5000, 0x0)

[  132.163842][T10143] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns
[  132.174970][T10143] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  132.194869][T10155] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns
00:26:38 executing program 5:
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x1c1005, 0x0)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000080))
write$dsp(r0, &(0x7f0000000100)="5d58aa2948ce3589fc379e9a45867d986145cf67be942e955c4fdb49297589ad8840d0d6b138880747fdf7c9354eb0114c349b0fc0babbd05c64538352edfd180b10b59f390b18798dd3128392bbec0cc170e03e38", 0x20000155)
ioctl$SNDCTL_DSP_RESET(r0, 0x5000, 0x0)

[  132.210889][T10155] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  132.253599][T10141] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
00:26:38 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000400)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b22645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  132.412457][T10168] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns
[  132.422021][T10168] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  132.460842][T10172] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
00:26:38 executing program 3:
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000200)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7ffffffd}]})
r0 = timerfd_create(0x0, 0x0)
timerfd_gettime(r0, &(0x7f0000000100))

00:26:38 executing program 4:
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x1c1005, 0x0)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000080))
write$dsp(r0, &(0x7f0000000100)="5d58aa2948ce3589fc379e9a45867d986145cf67be942e955c4fdb49297589ad8840d0d6b138880747fdf7c9354eb0114c349b0fc0babbd05c64538352edfd180b10b59f390b18798dd3128392bbec0cc170e03e38", 0x20000155)
ioctl$SNDCTL_DSP_RESET(r0, 0x5000, 0x0)

00:26:38 executing program 0:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vhost-net\x00', 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000080)=0x200000000)
write$vhost_msg_v2(r0, &(0x7f0000000400)={0x2, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2}}, 0x48)
write$vhost_msg_v2(r0, &(0x7f0000000340)={0x2, 0x0, {&(0x7f0000000480)=""/140, 0x8c, 0x0, 0x0, 0x2}}, 0x48)
write$vhost_msg_v2(r0, &(0x7f0000000200)={0x2, 0x0, {&(0x7f00000000c0)=""/68, 0x44, 0x0, 0x0, 0x3}}, 0x48)

00:26:38 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000400)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b22645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:38 executing program 0:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000040)={'batadv0\x00', <r1=>0x0})
socketpair(0x1e, 0x4, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'team_slave_1\x00', <r3=>0x0})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = dup3(r5, r4, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000dc0)=@newlink={0x40, 0x10, 0xffffff0f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @hsr={{0x8, 0x1, 'hsr\x00'}, {0x14, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE1={0x8, 0x1, r3}, @IFLA_HSR_SLAVE2={0x8, 0x2, r1}]}}}]}, 0x40}}, 0x0)

00:26:38 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000380)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_ingress={0xc, 0x1, 'ingress\x00'}]}, 0x30}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000680)=@delchain={0x24, 0x28, 0xd39, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x900}, {0x0, 0xffff}}}, 0x24}}, 0x0)

[  133.019531][T10195] device team_slave_1 entered promiscuous mode
00:26:38 executing program 2:
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x1c1005, 0x0)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000080))
write$dsp(r0, &(0x7f0000000100)="5d58aa2948ce3589fc379e9a45867d986145cf67be942e955c4fdb49297589ad8840d0d6b138880747fdf7c9354eb0114c349b0fc0babbd05c64538352edfd180b10b59f390b18798dd3128392bbec0cc170e03e38", 0x20000155)
ioctl$SNDCTL_DSP_RESET(r0, 0x5000, 0x0)

00:26:38 executing program 5:
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x1c1005, 0x0)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000080))
write$dsp(r0, &(0x7f0000000100)="5d58aa2948ce3589fc379e9a45867d986145cf67be942e955c4fdb49297589ad8840d0d6b138880747fdf7c9354eb0114c349b0fc0babbd05c64538352edfd180b10b59f390b18798dd3128392bbec0cc170e03e38", 0x20000155)
ioctl$SNDCTL_DSP_RESET(r0, 0x5000, 0x0)

[  133.083424][T10195] device team_slave_1 left promiscuous mode
[  133.094099][T10187] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns
[  133.108605][T10201] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
00:26:38 executing program 3:
r0 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001480)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3eeb18ed812aee2c49e8020a6f4e0e4a944b4e020f6983959d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fbd82c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002dc95aa0b784625704f07a72c29184ff7f0000cef809606056fe5c46ffffffffffffff7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45ef4adf634be763289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77d44e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97a85fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a05006dfcaf99431412fd134a996382a1804d5bb924cfe5f3185418d605ffff9c4d2ec7c32095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ef6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008918d9559711e6e8861c46495ba585a4b2d02edc3e2808271c896249ed85b980680b6c4a000000002b435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff030000000000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e347730cd8e6f6bcfede60d8df85be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4a00fca0493cf29b33dcc9ffcfffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10b64c108285e71b5565b1768ee58969c00d6c2d071eca1c360fb4021428ce970275d13b78203000000f761038b7ed4fe32b561d46ea3abe0fa4d30dc94ef243375ffe7d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ecbbc55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377323ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3e4a7de7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd452277c3887d6116c6f35a8046c216c1f895778cb25122a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958d5d9cddd18e360ad5294ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb490000ff642440b6647d09000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8dd729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b085f3c334b47f067bbab40743b2a09000000f68df75cf43f8ecc8d3726602111b48b761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba891cea599b079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83186c1526af6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fdf9743af930cd6db49a47613808bad959719c0000000000378a921c7f7f8433c2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205aa00b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966dcc86b2834efe768c7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f9360984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5002512bcbf9b24accfecb0f477db103463af2847e6ade5b9e065ec0d0ba58fedae5f08818fea475b169469f9efd131925008c39f5cf21d2e80a64ac97e71cafc29bfb78db090dd12225efeda2e93bf7f6ba7865e9c375a780929dfa5a210be2858e2a4ff8e8d1e8c9cceed07c6312b734c72510d335acc94f76e7078ce4066f1e0ac9429f8013683301277a11e25b248b61180cb6207a0e26757f3f1bfc6c27f3720d1fb74a05ed6024e94dee34666c5b5522b5b453c9e549847c89bdee957d72f32fa3334313e334cc140daec7dcb22f463457a1a5ac230bbded86250000000000000000000000000000000000000000000062a99c4e0fddd5bab3b690d35d11501beabbcdfaaa50dafa7014f0fda5f8e71c221875698ace429e45cd17bfd5bf0f566a30cbce537be8721742bbec0d2f9527a9ceeb6dea0c653029ef7159ced2a8716da5210f409c1ac320aed7237132470900b28feea74eaf94bf025844a2d3b66472b493c47bf8c074bfca036e30d5ca866f79ac7c91da94756002f42781ae98a1575f6dbb5a5949bced33233c07bfb462927cbb9f2018d6e12c58c3514fa82f72aeb837ebf8d016b3498889f93cdc5afcc491f33106dbad1eaeab8ab8fedf29eeb04602e92aa9b72a281182441647383c0a6c06d796e9086d530e2231edda45ca7921920f106c3fa8e60a6f7e5d39433294bc85eebf5ad534c0406df054b677641400e9f7fba008b48485d37bb7a82c709e053e9f73f2a61786129778a046b65ef519943dcd83f7f778dbe3d87fe46536cf439eb004b4a4214a381348a672e9ccfffff2a63c7c6cb99f928e80fbcfa01f9efbcefe6e2bd8924db1227cee8b78750b5ea100d9decdd1fffe02e95cdabe1546724299fe008f8ef6b08c93a016668d69c5ed6dd6c405aa48aab3b18b4d6cef1ed8fab8babcadb7708bb2074325492fdcfaf37522687e5b3e11e929ce0000000000000000000000000000000000000000000000000053a16f44bee19a764f4e60c22d204060515f77ae0eda4d2e4e"], &(0x7f0000000100)='GPL\x00'}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sys_exit\x00', r1}, 0x10)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000280)={0xffffffffffffffff, 0x12, 0x0, 0x0, 0x0}, 0x20)

[  133.117060][T10187] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  133.144440][T10209] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
00:26:39 executing program 0:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000040)={'batadv0\x00', <r1=>0x0})
socketpair(0x1e, 0x4, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'team_slave_1\x00', <r3=>0x0})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = dup3(r5, r4, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000dc0)=@newlink={0x40, 0x10, 0xffffff0f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @hsr={{0x8, 0x1, 'hsr\x00'}, {0x14, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE1={0x8, 0x1, r3}, @IFLA_HSR_SLAVE2={0x8, 0x2, r1}]}}}]}, 0x40}}, 0x0)

00:26:39 executing program 5:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000100)={@in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x1d, 0x0, "2461750a5264d9a16700e2cea1acedd8025264c73c839e09f5ff08cccc6e3ffd7477f28557a8556964d283b24c2a2bb1dcc5a8d735eec48df90a55e5c0b3a337860cfd677448d1258641934ef7302d02"}, 0xd8)
setsockopt$inet_tcp_int(r0, 0x6, 0xe, &(0x7f0000000040)=0x2, 0xf6)
setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000100)={@in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, "2461750a5264d9a16700e2cea1acedd8025264c73c839e09f5ff08cccc6e3ffd7477f28557a8556964d283b24c2a2bb1dcc5a8d735eec48df90a55e5c0b3a337860cfd677448d1258641934ef7302d02"}, 0xd8)

[  133.231109][T10219] device team_slave_1 entered promiscuous mode
[  133.238474][T10219] device team_slave_1 left promiscuous mode
00:26:39 executing program 3:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x6, 0x8000031, 0xffffffffffffffff, 0x0)
getsockopt$bt_hci(r0, 0x0, 0x3, &(0x7f00000022c0)=""/4084, &(0x7f0000000240)=0xff4)

00:26:39 executing program 0:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000040)={'batadv0\x00', <r1=>0x0})
socketpair(0x1e, 0x4, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'team_slave_1\x00', <r3=>0x0})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = dup3(r5, r4, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000dc0)=@newlink={0x40, 0x10, 0xffffff0f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @hsr={{0x8, 0x1, 'hsr\x00'}, {0x14, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE1={0x8, 0x1, r3}, @IFLA_HSR_SLAVE2={0x8, 0x2, r1}]}}}]}, 0x40}}, 0x0)

[  133.378743][T10234] device team_slave_1 entered promiscuous mode
[  133.397586][T10234] device team_slave_1 left promiscuous mode
00:26:39 executing program 4:
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x1c1005, 0x0)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000080))
write$dsp(r0, &(0x7f0000000100)="5d58aa2948ce3589fc379e9a45867d986145cf67be942e955c4fdb49297589ad8840d0d6b138880747fdf7c9354eb0114c349b0fc0babbd05c64538352edfd180b10b59f390b18798dd3128392bbec0cc170e03e38", 0x20000155)
ioctl$SNDCTL_DSP_RESET(r0, 0x5000, 0x0)

00:26:39 executing program 3:
perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0x52, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x38, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @wireguard={{0xe, 0x1, 'wireguard\x00'}, {0x4}}}]}, 0x38}}, 0x0)

00:26:39 executing program 0:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000040)={'batadv0\x00', <r1=>0x0})
socketpair(0x1e, 0x4, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'team_slave_1\x00', <r3=>0x0})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = dup3(r5, r4, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000dc0)=@newlink={0x40, 0x10, 0xffffff0f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @hsr={{0x8, 0x1, 'hsr\x00'}, {0x14, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE1={0x8, 0x1, r3}, @IFLA_HSR_SLAVE2={0x8, 0x2, r1}]}}}]}, 0x40}}, 0x0)

00:26:39 executing program 5:
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket(0x10, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000a80)=ANY=[@ANYBLOB="3800c3b4b7422da3f14a095a797e22d8d093c041dbdba2ff4979083d4913dd21df30bc18c154f4f8313fa19263fff69b53e59d759b589f210a924dffa80e5e278bdcfccecd6e1162a5e37e3394c861e13e7d56536dddff46d4f9a130c9281bb0088eadc666b5082621dfbc9dcef7e9e01b5724a4c5270562e83c0bb3a17b1df8de2e96c59ba6dbd0084a9816d01ba9c7b56390bb68ddde9062c37fd6e0103f4838cbf89b0319933a3070977aff8c1c94992d94c36c36a78cf144de4f6c0204288a6575c43bf33cfee2ce4c0bce1e92bfde0e420540f012809196795000c90718907122b6404cf51a40becaa51a9e1a515f2eddf8c652e47db01a9f15971983afeb0f7a84f22dac2ab3558f2ea2215f7a06d487776e574b1bb4c8dcefb4caf1c063677deb4800"/306, @ANYRES32, @ANYBLOB="400063000100000800020000000000837d636e84b0f4aa2b6958647e7d3c222070ca1dce8a0a92038a376f74bf266381bcf942e5ef7649d7cbc35ebc01f09dc1feccd572bf83fdaf29c2f85fb81570400e5dc343b262135a5189ea1bc85bd13c09929b1ca55a5e63eac117df66d5df1fea2f1c3b85c4acabc0d21ffb9711492447efd0a3d88d9b15cf457a4ecce186fa0b04d489f6781c2ed5d020c5fbae070425bc4692f5144cd1b98466e8c32fcea3209a0c2a33ccf9247a6ecf112a2800"/204], 0x38}, 0x1, 0x0, 0x0, 0x20c1}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000780)=ANY=[@ANYBLOB="5c0400fd00000080f700000000000000000000009cef57b912667f21b6a801b8497cf9ee579246b729dc2aba3c7500cfbfd36391ae3ba98d97b17ade43f8bee4e1fd6caef2c5c035487ef40df2917b412a46f4f75d522040b7b044184b0ddcffff3464386d3e00000000be3ad4d41e2b0e817b7afbd97118edb8b18c4a2e757cc3ee33612c368483e8872a1aaaffdce7ac8131379131fe0000000000000000142729b117ed53e2bcfd61af09f028a0c83e34a70eb917e4836fe90018d4b5113ae5b16e7ab07bfc4de60fb84f6012e0cd84c563a2f548a2fc5c96455754c8f09afbf09aa2938a05214448ce49bf74f887c6056d1e1d3d9bfad857797ca7cb62c57dd522c85ba4ea95a31579c9d06c932953c77be29a182f39a1bb8014caaae1db798dd1abfa56876f029cbb2da36ce129cd01a947dd39bf297731a828e44ed12dcb1d6643ce11c5355d1360ec7137e7a139a21eccb296cfc810bd31a3edb6192f45d0fc7937a674c5fd2b4bb0b55574f62ae6911b7db28491fee55d1e0e3f583189aa2e", @ANYRES64=r0, @ANYBLOB="0400000000000076405c103956094f0062617369630000002c00020028000280080001007e0000001c0002801800010000000400000000000c0001000000000000000000"], 0x5c}}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETPRL(r0, 0x89f4, &(0x7f0000000200)={'ip6_vti0\x00', &(0x7f0000000080)={'ip6tnl0\x00', <r1=>0x0, 0x2f, 0x5, 0x6, 0x0, 0x3, @private2={0xfc, 0x2, [], 0x1}, @empty, 0x700, 0x8000, 0x9, 0x400}})
ioctl$sock_ipv6_tunnel_SIOCADDPRL(r0, 0x89f5, &(0x7f0000000340)={'ip6_vti0\x00', &(0x7f0000000400)={'ip6gre0\x00', r1, 0x4, 0x5, 0x3f, 0x2, 0x49, @dev={0xfe, 0x80, [], 0x28}, @private2, 0x7, 0x80, 0x800, 0x7ffc}})
r2 = socket$packet(0x11, 0x2, 0x300)
openat$autofs(0xffffff9c, &(0x7f0000000100)='/dev/autofs\x00', 0x430040, 0x0)
accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000640)={0x28, 0x0, 0x2710}, 0xf, 0x80000)
setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000280)=@req={0x9, 0x1, 0x200, 0x7ff}, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'bond0\x00', <r3=>0x0})
bind$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, r3}, 0x14)
r4 = socket$nl_route(0x10, 0x3, 0x0)
socket(0x1, 0x803, 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r5, 0x8936, &(0x7f0000000240)={@ipv4={[0xa], [], @multicast2}, 0x77, r3})
ioctl$KDSKBMODE(0xffffffffffffffff, 0x4b45, &(0x7f0000000680)=0x4)
sendmsg$nl_route(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=@newlink={0x7c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, [@IFLA_LINKINFO={0x4c, 0x12, 0x0, 0x1, @ipip6={{0xb, 0x1, 'ip6tnl\x00'}, {0x3c, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_SPORT={0x6}, @IFLA_IPTUN_REMOTE={0x14, 0x3, @loopback}, @IFLA_IPTUN_FWMARK={0x8}, @IFLA_IPTUN_REMOTE={0x14, 0x3, @loopback={0x500000000000000}}]}}}, @IFLA_LINK={0x8, 0x5, r3}, @IFLA_MASTER={0x8}]}, 0x7c}}, 0x0)

00:26:39 executing program 1:
r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0)
io_setup(0x202, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000480)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000003c0)="02", 0x1}])
r2 = open(&(0x7f00000003c0)='./bus\x00', 0x0, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x12, r2, 0x0)
truncate(&(0x7f0000000080)='./bus\x00', 0x8b3e)
pipe(&(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
write(r3, &(0x7f00000001c0), 0xfffffef3)
mbind(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, 0x3)

[  133.892030][   T34] audit: type=1804 audit(1606263999.685:4): pid=10263 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir775706625/syzkaller.ZhwnCI/8/bus" dev="sda1" ino=15812 res=1 errno=0
[  133.922857][T10259] device team_slave_1 entered promiscuous mode
[  133.929639][T10259] device team_slave_1 left promiscuous mode
00:26:39 executing program 5:
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x1, &(0x7f0000001500)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0xc0502103, &(0x7f0000000080))

00:26:39 executing program 3:
perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0x52, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x38, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @wireguard={{0xe, 0x1, 'wireguard\x00'}, {0x4}}}]}, 0x38}}, 0x0)

00:26:39 executing program 4:
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x1c1005, 0x0)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000080))
write$dsp(r0, &(0x7f0000000100)="5d58aa2948ce3589fc379e9a45867d986145cf67be942e955c4fdb49297589ad8840d0d6b138880747fdf7c9354eb0114c349b0fc0babbd05c64538352edfd180b10b59f390b18798dd3128392bbec0cc170e03e38", 0x20000155)
ioctl$SNDCTL_DSP_RESET(r0, 0x5000, 0x0)

00:26:39 executing program 2:
r0 = fsopen(&(0x7f0000000040)='nfsd\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
fsmount(r0, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x7, 0x0, 0x0, 0x0)

[  133.962954][   T34] audit: type=1804 audit(1606263999.685:5): pid=10263 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir775706625/syzkaller.ZhwnCI/8/bus" dev="sda1" ino=15812 res=1 errno=0
00:26:39 executing program 0:
r0 = socket$inet(0x2, 0x3, 0x80000000002)
setsockopt$inet_int(r0, 0x0, 0xc8, &(0x7f0000000080), 0x4)
setsockopt$inet_int(r0, 0x0, 0xd1, 0x0, 0x0)

00:26:39 executing program 1:
r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0)
io_setup(0x202, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000480)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000003c0)="02", 0x1}])
r2 = open(&(0x7f00000003c0)='./bus\x00', 0x0, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x12, r2, 0x0)
truncate(&(0x7f0000000080)='./bus\x00', 0x8b3e)
pipe(&(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
write(r3, &(0x7f00000001c0), 0xfffffef3)
mbind(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, 0x3)

[  134.028042][   T34] audit: type=1804 audit(1606263999.685:6): pid=10263 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir775706625/syzkaller.ZhwnCI/8/bus" dev="sda1" ino=15812 res=1 errno=0
00:26:39 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$OSF_MSG_ADD(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000840)={0x268, 0x0, 0x5, 0x401, 0x0, 0x0, {}, [{{0x254, 0x1, {{}, 0x0, 0xbb, 0x0, 0x0, 0x0, 'syz0\x00', "41db5612281c8a89bac2ceb4cd5ad3f299fe068fb4460a1c9192a310e746296d", "43d491afad3af7d48825a8ee20fb103261e2fafc564b173062ef2164b905a4f7", [{}, {0x0, 0x0, {0x2, 0xfffffffa}}, {0x0, 0x0, {0x0, 0x6}}, {}, {}, {}, {0x0, 0x0, {0x2}}]}}}]}, 0x268}}, 0x0)

00:26:39 executing program 0:
r0 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000140)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000040)={@loopback, 0x800, 0x0, 0x3}, 0x20)

00:26:39 executing program 5:
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000100)={0x0, 0xffffffffdfffffff, 0x1000}, 0x20)

00:26:39 executing program 2:
r0 = fsopen(&(0x7f0000000040)='nfsd\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
fsmount(r0, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x7, 0x0, 0x0, 0x0)

00:26:39 executing program 3:
perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0x52, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x38, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @wireguard={{0xe, 0x1, 'wireguard\x00'}, {0x4}}}]}, 0x38}}, 0x0)

00:26:39 executing program 5:
unshare(0x400)
r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000000)='/dev/capi20\x00', 0x0, 0x0)
ioctl$CAPI_GET_FLAGS(r0, 0xc0104320, 0x0)

[  134.181848][   T34] audit: type=1804 audit(1606263999.975:7): pid=10298 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir775706625/syzkaller.ZhwnCI/9/bus" dev="sda1" ino=15791 res=1 errno=0
00:26:40 executing program 4:
pipe(&(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
close(r0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x1e, &(0x7f00000000c0)=0x800000100000001, 0x4)
ioctl$int_in(r0, 0x5421, &(0x7f0000000080)=0xfff)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c)
close(r1)

00:26:40 executing program 3:
perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0x52, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x38, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @wireguard={{0xe, 0x1, 'wireguard\x00'}, {0x4}}}]}, 0x38}}, 0x0)

00:26:40 executing program 2:
r0 = fsopen(&(0x7f0000000040)='nfsd\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
fsmount(r0, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x7, 0x0, 0x0, 0x0)

00:26:40 executing program 0:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000100)={'batadv0\x00', &(0x7f0000002fc0)=@ethtool_link_settings={0x3}})

00:26:40 executing program 1:
r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0)
io_setup(0x202, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000480)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000003c0)="02", 0x1}])
r2 = open(&(0x7f00000003c0)='./bus\x00', 0x0, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x12, r2, 0x0)
truncate(&(0x7f0000000080)='./bus\x00', 0x8b3e)
pipe(&(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
write(r3, &(0x7f00000001c0), 0xfffffef3)
mbind(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, 0x3)

00:26:40 executing program 5:
r0 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
syz_usb_connect(0x0, 0x52, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x11, 0x7c, 0x40, 0x8, 0x1908, 0x1315, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x40, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x74, 0xb3, 0x0, 0x0, [@uac_control={{}, [@mixer_unit={0x5}, @output_terminal={0x9}]}], [{{0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [@uac_iso={0x7}, @uac_iso={0x7}]}}]}}]}}]}}, 0xffffffffffffffff)

00:26:40 executing program 0:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x10c, &(0x7f0000000140)="c4c691018019daf762910000000000000022addee07bee0d6333b5cacd893169b618322ff6602022511253508b5a4496728c2a46e1bc340e2db9ab9b7136283e350808ffdb2dc4a741a151f4e2fb147baa16dacdcf44e203c4b1bc83d8c0b29f75bcf2e3482945fef116371f828c0c4db583a208718e3cccd9dd3bf7a0b9daf36829d2d3e73af34a91a485cf79e5e750f5045ae885e568cdd05c230369b25ee024d5c6f5c08e9ac768b1f0764551be005eb115e0e846f2d1e3aa58bfdf2fd0413de17b29b802f28227b7f598e9f3e04409d38520f96c085f2323f2769932fbd8a655ef09aac91e11c563b16c06fb0acdce0ca5f8bfd182fd61775fe787c92d23becdcdd3cb4fd9338698d291"}}], 0x1c)
wait4(0x0, 0x0, 0x80000000, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b7ecb6974f527cc14538d1efb1ffe03284f6d33265be9c604b293f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x17)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
r3 = gettid()
tkill(r3, 0x40)

00:26:40 executing program 0:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x200002, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000080)={r0, 0x0, 0x0, 0x0, &(0x7f0000000040)=[0x0], 0x1}, 0x20)

[  134.363983][   T34] audit: type=1804 audit(1606264000.155:8): pid=10326 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir775706625/syzkaller.ZhwnCI/10/bus" dev="sda1" ino=15818 res=1 errno=0
00:26:40 executing program 3:
socketpair$unix(0x1, 0x200400000000003, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$binfmt_misc(r0, 0x0, 0x0)
connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x46)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x924924924924c31, 0x0)
setsockopt$sock_int(r1, 0x1, 0x7, &(0x7f0000002400), 0x4)
write$binfmt_script(r1, 0x0, 0x0)
close(r0)

00:26:40 executing program 2:
r0 = fsopen(&(0x7f0000000040)='nfsd\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
fsmount(r0, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x7, 0x0, 0x0, 0x0)

00:26:40 executing program 4:
socket$phonet_pipe(0x23, 0x5, 0x2)
perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f00006d4000/0x4000)=nil, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x803, 0x2)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000440)={{{@in6=@initdev={0xfe, 0x88, [], 0x0, 0x0}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x80000000000001}, {{@in=@empty, 0x0, 0x6c}, 0x0, @in=@empty, 0x0, 0x4, 0x0, 0x1}}, 0xe8)
ioctl$SNAPSHOT_PLATFORM_SUPPORT(0xffffffffffffffff, 0x330f, 0x0)
sendmmsg(r0, &(0x7f0000008440)=[{{0x0, 0x536, 0x0}}], 0x400000000000107, 0x0)
getsockopt$inet_sctp_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x70)
ioctl$HIDIOCGCOLLECTIONINFO(r1, 0xc0104811, &(0x7f0000000040))
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x3f00)

00:26:40 executing program 0:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000001c80)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x2, [@int={0x0, 0x0, 0x0, 0x1, 0x5, 0x0, 0x0, 0x8}, @union={0x0, 0x1, 0x0, 0x5, 0x0, 0x0, [{0x0, 0x1}]}]}}, &(0x7f0000000340)=""/142, 0x42, 0x8e, 0x8}, 0x20)

00:26:40 executing program 1:
r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0)
io_setup(0x202, &(0x7f00000004c0)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000480)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000003c0)="02", 0x1}])
r2 = open(&(0x7f00000003c0)='./bus\x00', 0x0, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x12, r2, 0x0)
truncate(&(0x7f0000000080)='./bus\x00', 0x8b3e)
pipe(&(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
write(r3, &(0x7f00000001c0), 0xfffffef3)
mbind(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, 0x3)

00:26:40 executing program 2:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
getsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x112, 0x1, 0x0, &(0x7f0000000240))

00:26:40 executing program 0:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000001c80)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x2, [@int={0x0, 0x0, 0x0, 0x1, 0x5, 0x0, 0x0, 0x8}, @union={0x0, 0x1, 0x0, 0x5, 0x0, 0x0, [{0x0, 0x1}]}]}}, &(0x7f0000000340)=""/142, 0x42, 0x8e, 0x8}, 0x20)

[  134.551228][T10351] BPF:	(anon) type_id=1 bits_offset=0
[  134.578962][T10351] BPF: 
[  134.591661][T10351] BPF:Member exceeds struct_size
00:26:40 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff})
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0x1)
setreuid(r1, 0x0)
clone(0x4000010006dfd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = getpid()
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x6db6e559)
get_robust_list(r2, &(0x7f0000000100)=0x0, &(0x7f0000000140))

00:26:40 executing program 2:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@newae={0x54, 0x1e, 0xb19, 0x0, 0x0, {{@in=@local}, @in=@multicast1}, [@mark={0xc}, @replay_thresh={0x8}]}, 0x54}}, 0x0)

[  134.601680][   T34] audit: type=1804 audit(1606264000.395:9): pid=10358 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir775706625/syzkaller.ZhwnCI/11/bus" dev="sda1" ino=15791 res=1 errno=0
[  134.627366][ T4912] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  134.642777][T10351] BPF:
[  134.642777][T10351] 
[  134.672684][T10363] BPF:	(anon) type_id=1 bits_offset=0
[  134.703653][T10363] BPF: 
[  134.716375][T10363] BPF:Member exceeds struct_size
[  134.735850][T10363] BPF:
[  134.735850][T10363] 
[  134.886760][ T4912] usb 6-1: Using ep0 maxpacket: 8
[  135.016868][ T4912] usb 6-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 0
[  135.037213][ T4912] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  135.116806][ T4912] usb 6-1: string descriptor 0 read error: -71
[  135.123120][ T4912] usb 6-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00
[  135.132430][ T4912] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  135.142490][ T4912] usb 6-1: config 0 descriptor??
[  135.166719][ T4912] usb 6-1: can't set config #0, error -71
[  135.172996][ T4912] usb 6-1: USB disconnect, device number 4
[  135.846666][ T9219] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  136.086659][ T9219] usb 6-1: Using ep0 maxpacket: 8
00:26:42 executing program 5:
add_key$keyring(&(0x7f0000000280)='keyring\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffb)

00:26:42 executing program 2:
r0 = socket(0x1000000010, 0x80002, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="380000002400ffffff7f000000003c0005000000", @ANYRES32=r3, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB='H\x00\x00\x00,\x00\'\r\x00'/20, @ANYRES32=r3, @ANYBLOB="00001000000000000e06000009000100666c6f7700f4ffff170002"], 0x48}}, 0x0)
sendmmsg$alg(r0, &(0x7f0000000200), 0x10efe10675dec16, 0x0)

00:26:42 executing program 1:
r0 = syz_open_dev$sndctrl(&(0x7f0000000900)='/dev/snd/controlC#\x00', 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f00000000c0)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x3, 0x0, 0x4, 0x0, 0x2, 0x0, 'syz0\x00', &(0x7f0000000040)=['/dev/sod/controlC\xae\xe4', '/dev/snd/controlC#\x00'], 0xfffffffffffffe69})

00:26:42 executing program 0:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000001c80)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x2, [@int={0x0, 0x0, 0x0, 0x1, 0x5, 0x0, 0x0, 0x8}, @union={0x0, 0x1, 0x0, 0x5, 0x0, 0x0, [{0x0, 0x1}]}]}}, &(0x7f0000000340)=""/142, 0x42, 0x8e, 0x8}, 0x20)

00:26:42 executing program 4:
socket$phonet_pipe(0x23, 0x5, 0x2)
perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f00006d4000/0x4000)=nil, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x803, 0x2)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000440)={{{@in6=@initdev={0xfe, 0x88, [], 0x0, 0x0}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x80000000000001}, {{@in=@empty, 0x0, 0x6c}, 0x0, @in=@empty, 0x0, 0x4, 0x0, 0x1}}, 0xe8)
ioctl$SNAPSHOT_PLATFORM_SUPPORT(0xffffffffffffffff, 0x330f, 0x0)
sendmmsg(r0, &(0x7f0000008440)=[{{0x0, 0x536, 0x0}}], 0x400000000000107, 0x0)
getsockopt$inet_sctp_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x70)
ioctl$HIDIOCGCOLLECTIONINFO(r1, 0xc0104811, &(0x7f0000000040))
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x3f00)

00:26:42 executing program 3:
r0 = openat$null(0xffffffffffffff9c, &(0x7f0000002880)='/dev/null\x00', 0x60601, 0x0)
write$binfmt_elf64(r0, 0x0, 0x0)

[  136.206841][ T9219] usb 6-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 0
[  136.219416][ T9219] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  136.281763][T10398] BPF:	(anon) type_id=1 bits_offset=0
[  136.286648][ T9219] usb 6-1: string descriptor 0 read error: -71
[  136.287494][T10398] BPF: 
[  136.293493][ T9219] usb 6-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00
[  136.293509][ T9219] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  136.296265][T10398] BPF:Member exceeds struct_size
[  136.326778][T10403] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
00:26:42 executing program 0:
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000001c80)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x2, [@int={0x0, 0x0, 0x0, 0x1, 0x5, 0x0, 0x0, 0x8}, @union={0x0, 0x1, 0x0, 0x5, 0x0, 0x0, [{0x0, 0x1}]}]}}, &(0x7f0000000340)=""/142, 0x42, 0x8e, 0x8}, 0x20)

00:26:42 executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x0, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b7020000f7ffffffbfa70000000000002402000020feffff7a0af0fff8ffffff69a4f0ff00000000b70600000018d1fe2d6405000000000075040000000000000704000000000000b7040000100000206a0700fe000000008500000008000000b70000000a00000095000000000000006458c2c62fc286346e3c192a8f0399d909a63796c113a80c19aab9d607000000b6cd483be3f0d3253730e711f5969f62c28b22756bedf3cf393d14c46cc4f79fd2b316da4f0de8163f6242f27323f1740637e48468766af540439fce41f144631ac262dcae08c3d1a1fbe96dd87235b44174f7c0343185089a12119e31975e551558055dc2dcc473b54825ab2c3ee33af84c30761f880dd3a1b19e18e803ff18d2bf8d2d7bc324de9b9d0fb21a3a80906dad27aeca03ede937b865e264f22584ef4c04be52652bf2e9e5014d5ccc25558c058b53548d2848e3caeb99f7a30dd28f731d31ea1355de786ff4d5c377570ad047146f50fecb975a7de8f8a2106c02d9c9a5632fe3b5c7d324a83965b6f09f9d944ef224272300d122472bd79dbda8763c32cd7991f8c64a7e4e954c50c1f5017567d6ad8574fcef24fab3f0a7a0773b9f63f32073421cf5de96"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
bpf$PROG_LOAD(0x5, &(0x7f0000001300)={0x0, 0x7, &(0x7f0000000000)=@framed={{}, [@map, @map]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x17, 0x0, 0x40002, 0x2, 0x0, 0x1}, 0x2c)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000fe6000)={0x3, 0x4, 0x4, 0x100000009, 0x0, 0x1}, 0x40)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000001300)={0x3, 0x7, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018100000", @ANYRES32=r0, @ANYBLOB="000000000000000018100000", @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], &(0x7f0000000080)='GPL\x00', 0x2, 0x1000, &(0x7f0000000280)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000001c0)={r2, 0x66, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10)

[  136.357478][ T9219] usb 6-1: config 0 descriptor??
[  136.364614][T10398] BPF:
[  136.364614][T10398] 
[  136.381178][T10403] netlink: 19 bytes leftover after parsing attributes in process `syz-executor.2'.
00:26:42 executing program 1:
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1\x00', 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000100))
ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000000)=0x40)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
readv(r0, &(0x7f0000000140)=[{&(0x7f00000005c0)=""/4096, 0x1000}], 0x1)

00:26:42 executing program 5:
pipe2(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$char_raw(r1, &(0x7f0000001440)=ANY=[], 0xfe99)
write$char_raw(r1, 0x0, 0x200)
read$midi(r0, &(0x7f00000000c0)=""/4096, 0x4000)

[  136.409092][ T9219] usb 6-1: can't set config #0, error -71
[  136.457218][ T9219] usb 6-1: USB disconnect, device number 5
[  136.470689][T10412] BPF:	(anon) type_id=1 bits_offset=0
[  136.479673][T10403] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
[  136.501895][T10412] BPF: 
00:26:42 executing program 3:
r0 = perf_event_open(&(0x7f0000000200)={0x1000000000000001, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xfffffdffffffffff, 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xffffffffffffffff, 0x11, r1, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
r3 = socket(0x40000000002, 0x3, 0x2)
r4 = dup2(r2, r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1)
r5 = socket(0x18, 0x0, 0x0)
getsockopt$SO_BINDTODEVICE(r5, 0x1, 0xe, &(0x7f0000000000), 0x20a154cc)

00:26:42 executing program 0:
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000000c0)="d800000018008109e00f80ecdb15b9040a6000f0ffff7c05e87c55a1bc000900b8000699030000000500150008008178a800160040003cc00200001203ac040000d67f6f94007134cf6efb800fa007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe04000000730d16a4683e4f6d0200003f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e04adcdf634c1f215ce3bb9ad809d5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92307f27260e9703", 0xd8}], 0x1}, 0x0)

[  136.516027][T10420] netlink: 19 bytes leftover after parsing attributes in process `syz-executor.2'.
[  136.516217][T10412] BPF:Member exceeds struct_size
[  136.553967][T10412] BPF:
[  136.553967][T10412] 
00:26:42 executing program 2:
r0 = socket(0x1000000010, 0x80002, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="380000002400ffffff7f000000003c0005000000", @ANYRES32=r3, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB='H\x00\x00\x00,\x00\'\r\x00'/20, @ANYRES32=r3, @ANYBLOB="00001000000000000e06000009000100666c6f7700f4ffff170002"], 0x48}}, 0x0)
sendmmsg$alg(r0, &(0x7f0000000200), 0x10efe10675dec16, 0x0)

00:26:42 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmsg$DCCPDIAG_GETSOCK(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001300)={0x120, 0x13, 0x0, 0x0, 0x0, {}, [@INET_DIAG_REQ_BYTECODE={0xd2, 0x1, "5a23e63210ec7477c93b943f3172345c5b80521afb3a3badf88db30e215f68e93fd3a51bc300cf22c37c554518cef4b2e0f4a7d1865417a088895cf4f71d6c9d5c1ee5e969326d423f817e3fedae80492b2e7e1b55a80dd0b5a3e461257fce21c8244ee17dca40adb7a16045869146101808febf723ae6e8bfe4b7a7465e8be0a51478b13e10f5984987a2fa14fd473eb3371743d307fae55a41d63050dfdfd6ff74c8795ae849946a54fc655664a780e16e2236d1cb1c004c356be9f6dffb6506c9dca92a9d86b47736cee4ff09"}]}, 0x120}}, 0x0)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000019c0)='/dev/sequencer\x00', 0x1, 0x0)
write$sndseq(r2, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}], 0xff33)

00:26:42 executing program 3:
sendmsg$NL80211_CMD_DEL_PMK(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40041}, 0x0)
perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000100)={[], 0x0, 0x132a00})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:42 executing program 0:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000001c80)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x2, [@int={0x0, 0x0, 0x0, 0x1, 0x5, 0x20}, @union={0x0, 0x1, 0x0, 0x5, 0x1, 0x0, [{0x0, 0x1, 0x74000000}]}]}}, &(0x7f0000000340)=""/142, 0x42, 0x8e, 0x8}, 0x20)

00:26:42 executing program 4:
socket$phonet_pipe(0x23, 0x5, 0x2)
perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f00006d4000/0x4000)=nil, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x803, 0x2)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000440)={{{@in6=@initdev={0xfe, 0x88, [], 0x0, 0x0}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x80000000000001}, {{@in=@empty, 0x0, 0x6c}, 0x0, @in=@empty, 0x0, 0x4, 0x0, 0x1}}, 0xe8)
ioctl$SNAPSHOT_PLATFORM_SUPPORT(0xffffffffffffffff, 0x330f, 0x0)
sendmmsg(r0, &(0x7f0000008440)=[{{0x0, 0x536, 0x0}}], 0x400000000000107, 0x0)
getsockopt$inet_sctp_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x70)
ioctl$HIDIOCGCOLLECTIONINFO(r1, 0xc0104811, &(0x7f0000000040))
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x3f00)

[  136.696240][T10438] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
[  136.736108][T10439] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  136.744102][T10438] netlink: 19 bytes leftover after parsing attributes in process `syz-executor.2'.
[  136.762280][T10448] BPF:	(anon) type_id=1 bitfield_size=116 bits_offset=0
00:26:42 executing program 5:
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="48000000030600000000000000000000000000000900020073797a30000000000900020073797a310000f6ff04000100070000000900020073797a3100000000052001"], 0x48}}, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000020, &(0x7f0000000040)=0xa, 0x1959cc36)
connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)

00:26:42 executing program 3:
sendmsg$NL80211_CMD_DEL_PMK(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40041}, 0x0)
perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000100)={[], 0x0, 0x132a00})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  136.800834][T10448] BPF: 
00:26:42 executing program 2:
r0 = socket(0x1000000010, 0x80002, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="380000002400ffffff7f000000003c0005000000", @ANYRES32=r3, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB='H\x00\x00\x00,\x00\'\r\x00'/20, @ANYRES32=r3, @ANYBLOB="00001000000000000e06000009000100666c6f7700f4ffff170002"], 0x48}}, 0x0)
sendmmsg$alg(r0, &(0x7f0000000200), 0x10efe10675dec16, 0x0)

[  136.822276][T10448] BPF:Invalid member bitfield_size
[  136.861288][T10454] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  136.861366][T10448] BPF:
[  136.861366][T10448] 
[  136.903030][T10463] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
[  136.914089][T10448] BPF:	(anon) type_id=1 bitfield_size=116 bits_offset=0
[  136.934545][T10448] BPF: 
[  136.946424][T10448] BPF:Invalid member bitfield_size
[  136.966186][T10463] netlink: 19 bytes leftover after parsing attributes in process `syz-executor.2'.
[  136.980526][T10448] BPF:
[  136.980526][T10448] 
00:26:43 executing program 1:
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1\x00', 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000100))
ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000000)=0x40)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
readv(r0, &(0x7f0000000140)=[{&(0x7f00000005c0)=""/4096, 0x1000}], 0x1)

00:26:43 executing program 3:
sendmsg$NL80211_CMD_DEL_PMK(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40041}, 0x0)
perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000100)={[], 0x0, 0x132a00})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:43 executing program 5:
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="48000000030600000000000000000000000000000900020073797a30000000000900020073797a310000f6ff04000100070000000900020073797a3100000000052001"], 0x48}}, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000020, &(0x7f0000000040)=0xa, 0x1959cc36)
connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)

00:26:43 executing program 2:
r0 = socket(0x1000000010, 0x80002, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="380000002400ffffff7f000000003c0005000000", @ANYRES32=r3, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB='H\x00\x00\x00,\x00\'\r\x00'/20, @ANYRES32=r3, @ANYBLOB="00001000000000000e06000009000100666c6f7700f4ffff170002"], 0x48}}, 0x0)
sendmmsg$alg(r0, &(0x7f0000000200), 0x10efe10675dec16, 0x0)

00:26:43 executing program 0:
sendmsg$NL80211_CMD_DEL_PMK(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40041}, 0x0)
perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000100)={[], 0x0, 0x132a00})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:43 executing program 4:
socket$phonet_pipe(0x23, 0x5, 0x2)
perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x0, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f00006d4000/0x4000)=nil, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x803, 0x2)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000440)={{{@in6=@initdev={0xfe, 0x88, [], 0x0, 0x0}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x80000000000001}, {{@in=@empty, 0x0, 0x6c}, 0x0, @in=@empty, 0x0, 0x4, 0x0, 0x1}}, 0xe8)
ioctl$SNAPSHOT_PLATFORM_SUPPORT(0xffffffffffffffff, 0x330f, 0x0)
sendmmsg(r0, &(0x7f0000008440)=[{{0x0, 0x536, 0x0}}], 0x400000000000107, 0x0)
getsockopt$inet_sctp_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x70)
ioctl$HIDIOCGCOLLECTIONINFO(r1, 0xc0104811, &(0x7f0000000040))
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x3f00)

00:26:43 executing program 2:
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1\x00', 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000100))
ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000000)=0x40)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
readv(r0, &(0x7f0000000140)=[{&(0x7f00000005c0)=""/4096, 0x1000}], 0x1)

00:26:43 executing program 3:
sendmsg$NL80211_CMD_DEL_PMK(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40041}, 0x0)
perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000100)={[], 0x0, 0x132a00})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:43 executing program 5:
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="48000000030600000000000000000000000000000900020073797a30000000000900020073797a310000f6ff04000100070000000900020073797a3100000000052001"], 0x48}}, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000020, &(0x7f0000000040)=0xa, 0x1959cc36)
connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)

[  137.289793][T10482] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
00:26:43 executing program 0:
sendmsg$NL80211_CMD_DEL_PMK(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40041}, 0x0)
perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000100)={[], 0x0, 0x132a00})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:43 executing program 5:
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0)
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="48000000030600000000000000000000000000000900020073797a30000000000900020073797a310000f6ff04000100070000000900020073797a3100000000052001"], 0x48}}, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000020, &(0x7f0000000040)=0xa, 0x1959cc36)
connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)

[  137.455878][T10504] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
00:26:43 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc008ae88, &(0x7f0000000000)={0x2, 0x0, [0xc0000103, 0x0, 0x6, 0x0, 0xc001102a, 0x0, 0x2]})

[  137.518055][T10508] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
00:26:43 executing program 0:
sendmsg$NL80211_CMD_DEL_PMK(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40041}, 0x0)
perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000040))
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000100)={[], 0x0, 0x132a00})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:43 executing program 1:
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1\x00', 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000100))
ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000000)=0x40)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
readv(r0, &(0x7f0000000140)=[{&(0x7f00000005c0)=""/4096, 0x1000}], 0x1)

00:26:43 executing program 3:
r0 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x4, 0x0)
ioctl$VIDIOC_S_SELECTION(r0, 0xc040565f, &(0x7f00000002c0)={0x2, 0x0, 0x0, {0x0, 0x0, 0x0, 0x300}})

00:26:43 executing program 4:
clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x2, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x2}}, @const={0x0, 0x0, 0x0, 0xa, 0x2}]}}, &(0x7f0000004600)=""/200, 0x3e, 0xc8, 0x8}, 0x20)

00:26:43 executing program 5:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x3, &(0x7f0000000040)=[{0x45, 0x0, 0x1, 0xfffffffc}, {}, {0x6, 0x0, 0x0, 0x7ffffff4}]})

00:26:43 executing program 5:
r0 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@loopback={0xfec0ffff00000000}, 0x0, 0x0, 0xff, 0x1}, 0x20)

[  138.000174][T10536] BPF:[1] ARRAY (anon) 
[  138.009416][T10536] BPF:type_id=2 index_type_id=2 nr_elems=0
[  138.015314][T10539] BPF:[1] ARRAY (anon) 
[  138.026606][T10539] BPF:type_id=2 index_type_id=2 nr_elems=0
[  138.039605][T10536] BPF: 
[  138.045682][T10536] BPF:Loop detected
00:26:43 executing program 2:
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1\x00', 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000100))
ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000000)=0x40)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
readv(r0, &(0x7f0000000140)=[{&(0x7f00000005c0)=""/4096, 0x1000}], 0x1)

00:26:43 executing program 3:
r0 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x4, 0x0)
ioctl$VIDIOC_S_SELECTION(r0, 0xc040565f, &(0x7f00000002c0)={0x2, 0x0, 0x0, {0x0, 0x0, 0x0, 0x300}})

00:26:43 executing program 0:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000040)={0x0, 0x3}, 0xe)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={<r1=>0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp6_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f00000000c0)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, @in={{0x2, 0x0, @remote}}}}, &(0x7f00000001c0)=0xb0)

00:26:43 executing program 4:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0xb4, 0x4000000000008d}, 0x0)
getpid()
r0 = open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0)
write$UHID_INPUT(r0, &(0x7f0000001440)={0x8, {"000300"}}, 0xfffffc41)
setxattr$security_evm(&(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='security.evm\x00', 0x0, 0x0, 0x0)

00:26:43 executing program 5:
r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f00000000c0)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)=ANY=[@ANYBLOB="c4864432", @ANYRES32=<r1=>0x0], &(0x7f000095dffc)=0x8)
r2 = socket(0xa, 0x1, 0x0)
close(r2)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8)
sendmmsg$inet_sctp(r2, &(0x7f0000000bc0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="300000000000000084000000010000000000000004"], 0x30}], 0x1, 0x0)
getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x18, &(0x7f0000000080), &(0x7f00000001c0)=0x8)

[  138.046242][T10539] BPF: 
[  138.061050][T10540] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  138.062500][T10539] BPF:Loop detected
[  138.069887][T10536] BPF:
[  138.069887][T10536] 
[  138.081121][T10539] BPF:
[  138.081121][T10539] 
00:26:44 executing program 3:
r0 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x4, 0x0)
ioctl$VIDIOC_S_SELECTION(r0, 0xc040565f, &(0x7f00000002c0)={0x2, 0x0, 0x0, {0x0, 0x0, 0x0, 0x300}})

00:26:44 executing program 0:
r0 = add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000380)="585ccbe4ed83b836c1a6474914dc55e72206297b6895b66147b3c7218a9169a85ea0bdc9e1587a050000000000000042e33089754c8107c3cd3923dd4a71c2ff06007b6b4816122d2550829eaa9435c99926022b8753a188748c569f435fb3bae96efb74b50ec93c152f5e8e198a29e5c0d0c60000ce0637ce0000b4ec24c53d3d661ff5ff70e48884ca000018cea71fcfacf40d32e4b58a8d2725561f6110fd7b06f90b5274cc5c1e298a16324fe2c5e16d87cebd96a909d308bd73f4772539", 0xc0, 0xfffffffffffffffe)
r1 = add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000200)={'syz', 0x0}, &(0x7f0000000340)="83", 0x1, 0xfffffffffffffffc)
keyctl$dh_compute(0x17, &(0x7f0000000040)={r1, r0, r1}, &(0x7f0000000440)=""/243, 0xf3, &(0x7f0000000240)={&(0x7f0000000180)={'md5-generic\x00'}})

[  138.519867][   T34] audit: type=1800 audit(1606264004.315:10): pid=10563 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed comm="syz-executor.4" name="bus" dev="sda1" ino=15847 res=0 errno=0
00:26:44 executing program 1:
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1\x00', 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000100))
ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000000)=0x40)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
readv(r0, &(0x7f0000000140)=[{&(0x7f00000005c0)=""/4096, 0x1000}], 0x1)

00:26:44 executing program 3:
r0 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x4, 0x0)
ioctl$VIDIOC_S_SELECTION(r0, 0xc040565f, &(0x7f00000002c0)={0x2, 0x0, 0x0, {0x0, 0x0, 0x0, 0x300}})

00:26:44 executing program 0:
r0 = add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000380)="585ccbe4ed83b836c1a6474914dc55e72206297b6895b66147b3c7218a9169a85ea0bdc9e1587a050000000000000042e33089754c8107c3cd3923dd4a71c2ff06007b6b4816122d2550829eaa9435c99926022b8753a188748c569f435fb3bae96efb74b50ec93c152f5e8e198a29e5c0d0c60000ce0637ce0000b4ec24c53d3d661ff5ff70e48884ca000018cea71fcfacf40d32e4b58a8d2725561f6110fd7b06f90b5274cc5c1e298a16324fe2c5e16d87cebd96a909d308bd73f4772539", 0xc0, 0xfffffffffffffffe)
r1 = add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000200)={'syz', 0x0}, &(0x7f0000000340)="83", 0x1, 0xfffffffffffffffc)
keyctl$dh_compute(0x17, &(0x7f0000000040)={r1, r0, r1}, &(0x7f0000000440)=""/243, 0xf3, &(0x7f0000000240)={&(0x7f0000000180)={'md5-generic\x00'}})

00:26:44 executing program 4:
r0 = syz_open_dev$dri(&(0x7f0000000100)='/dev/dri/card#\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_SET_VERSION(r0, 0xc0106407, &(0x7f0000000000)={0x1, 0x0, 0x1})

00:26:44 executing program 2:
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1\x00', 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000100))
ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000000)=0x40)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
readv(r0, &(0x7f0000000140)=[{&(0x7f00000005c0)=""/4096, 0x1000}], 0x1)

00:26:44 executing program 3:
open(&(0x7f00000005c0)='./file0\x00', 0x200c2, 0x0)
pipe2$9p(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB=',dfltgid=', @ANYRESHEX])

00:26:44 executing program 3:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000002c0)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539(ecb-cast5-avx,blake2s-160)\x00'}, 0x58)

00:26:44 executing program 0:
r0 = add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000380)="585ccbe4ed83b836c1a6474914dc55e72206297b6895b66147b3c7218a9169a85ea0bdc9e1587a050000000000000042e33089754c8107c3cd3923dd4a71c2ff06007b6b4816122d2550829eaa9435c99926022b8753a188748c569f435fb3bae96efb74b50ec93c152f5e8e198a29e5c0d0c60000ce0637ce0000b4ec24c53d3d661ff5ff70e48884ca000018cea71fcfacf40d32e4b58a8d2725561f6110fd7b06f90b5274cc5c1e298a16324fe2c5e16d87cebd96a909d308bd73f4772539", 0xc0, 0xfffffffffffffffe)
r1 = add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000200)={'syz', 0x0}, &(0x7f0000000340)="83", 0x1, 0xfffffffffffffffc)
keyctl$dh_compute(0x17, &(0x7f0000000040)={r1, r0, r1}, &(0x7f0000000440)=""/243, 0xf3, &(0x7f0000000240)={&(0x7f0000000180)={'md5-generic\x00'}})

00:26:44 executing program 4:
r0 = syz_open_dev$dri(&(0x7f0000000100)='/dev/dri/card#\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_SET_VERSION(r0, 0xc0106407, &(0x7f0000000000)={0x1, 0x0, 0x1})

00:26:44 executing program 5:
unshare(0x2a000400)
r0 = openat$vcsa(0xffffff9c, &(0x7f0000000280)='/dev/vcsa\x00', 0x12a441, 0x0)
pwritev(r0, 0x0, 0x0, 0x0, 0x0)

00:26:44 executing program 4:
r0 = syz_open_dev$dri(&(0x7f0000000100)='/dev/dri/card#\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_SET_VERSION(r0, 0xc0106407, &(0x7f0000000000)={0x1, 0x0, 0x1})

00:26:44 executing program 3:
openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x140, 0x0)
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='nfsd\x00', 0x0, 0x0)

00:26:45 executing program 2:
unshare(0x2040400)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0)
r1 = socket$inet(0x2, 0x1, 0x0)
sendto$inet(r1, 0x0, 0xfffffffffffffc6d, 0x0, &(0x7f0000000240)={0x2, 0x0, @local}, 0x10)

00:26:45 executing program 0:
r0 = add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000380)="585ccbe4ed83b836c1a6474914dc55e72206297b6895b66147b3c7218a9169a85ea0bdc9e1587a050000000000000042e33089754c8107c3cd3923dd4a71c2ff06007b6b4816122d2550829eaa9435c99926022b8753a188748c569f435fb3bae96efb74b50ec93c152f5e8e198a29e5c0d0c60000ce0637ce0000b4ec24c53d3d661ff5ff70e48884ca000018cea71fcfacf40d32e4b58a8d2725561f6110fd7b06f90b5274cc5c1e298a16324fe2c5e16d87cebd96a909d308bd73f4772539", 0xc0, 0xfffffffffffffffe)
r1 = add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000200)={'syz', 0x0}, &(0x7f0000000340)="83", 0x1, 0xfffffffffffffffc)
keyctl$dh_compute(0x17, &(0x7f0000000040)={r1, r0, r1}, &(0x7f0000000440)=""/243, 0xf3, &(0x7f0000000240)={&(0x7f0000000180)={'md5-generic\x00'}})

00:26:45 executing program 3:
set_mempolicy(0x40000000004003, &(0x7f00000000c0)=0x8, 0xc0)
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$lock(r0, 0x26, &(0x7f0000000180)={0x1})
fcntl$lock(r0, 0x25, &(0x7f0000000080)={0x2, 0x0, 0x7})

00:26:45 executing program 5:
unshare(0x2a000400)
r0 = openat$vcsa(0xffffff9c, &(0x7f0000000280)='/dev/vcsa\x00', 0x12a441, 0x0)
pwritev(r0, 0x0, 0x0, 0x0, 0x0)

00:26:45 executing program 4:
r0 = syz_open_dev$dri(&(0x7f0000000100)='/dev/dri/card#\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_SET_VERSION(r0, 0xc0106407, &(0x7f0000000000)={0x1, 0x0, 0x1})

00:26:45 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x1c, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000000), 0x4)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:45 executing program 3:
r0 = syz_open_dev$vbi(&(0x7f00000001c0)='/dev/vbi#\x00', 0x1, 0x2)
ioctl$VIDIOC_G_SLICED_VBI_CAP(r0, 0xc0745645, &(0x7f0000000040)={0x0, [], 0x8})

00:26:45 executing program 4:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='clear_refs\x00')
write$cgroup_netprio_ifpriomap(r0, 0x0, 0x3)

00:26:45 executing program 0:
r0 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0xac3, 0x0)
lseek(r0, 0x0, 0x0)

00:26:45 executing program 2:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = inotify_init1(0x0)
fcntl$getownex(r2, 0x24, &(0x7f0000000080))

00:26:45 executing program 5:
unshare(0x2a000400)
r0 = openat$vcsa(0xffffff9c, &(0x7f0000000280)='/dev/vcsa\x00', 0x12a441, 0x0)
pwritev(r0, 0x0, 0x0, 0x0, 0x0)

00:26:45 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x1c, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000000), 0x4)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:45 executing program 5:
unshare(0x2a000400)
r0 = openat$vcsa(0xffffff9c, &(0x7f0000000280)='/dev/vcsa\x00', 0x12a441, 0x0)
pwritev(r0, 0x0, 0x0, 0x0, 0x0)

00:26:45 executing program 4:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='clear_refs\x00')
write$cgroup_netprio_ifpriomap(r0, 0x0, 0x3)

00:26:45 executing program 2:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = inotify_init1(0x0)
fcntl$getownex(r2, 0x24, &(0x7f0000000080))

00:26:45 executing program 0:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='clear_refs\x00')
write$cgroup_netprio_ifpriomap(r0, 0x0, 0x3)

00:26:45 executing program 3:
r0 = syz_open_dev$vbi(&(0x7f00000001c0)='/dev/vbi#\x00', 0x1, 0x2)
ioctl$VIDIOC_G_SLICED_VBI_CAP(r0, 0xc0745645, &(0x7f0000000040)={0x0, [], 0x8})

00:26:45 executing program 5:
ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, &(0x7f0000000780)=0x8)
r0 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000402609333300000000000109022d0001000000000904000009030000000921000000012229000905810300000000000905020301"], 0x0)
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000540)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x10, 0x16c0, 0x5e1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x1, 0x20, 0x9, [{{0x9, 0x4, 0x0, 0x3f, 0x1, 0x3, 0x1, 0x3, 0x40, {0x9, 0x21, 0x5, 0x7, 0x1, {0x22, 0x24}}, {{{0x9, 0x5, 0x81, 0x3, 0x20, 0x3f, 0x40, 0x4f}}}}}]}}]}}, &(0x7f0000000600)={0xa, &(0x7f0000000580)={0xa, 0x6, 0x300, 0x7f, 0x81, 0x4, 0x50, 0x8}, 0x39, &(0x7f00000005c0)={0x5, 0xf, 0x39, 0x4, [@ext_cap={0x7, 0x10, 0x2, 0x0, 0x7, 0xf, 0x5}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x2, 0x1, 0x3, 0x3ff}, @ssp_cap={0x1c, 0x10, 0xa, 0xff, 0x4, 0x4e43172, 0xf000, 0xee, [0x3ff0, 0x18f, 0xff00c0, 0x0]}, @ext_cap={0x7, 0x10, 0x2, 0x12, 0x7, 0x5, 0x7f}]}})
syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f00000000c0)={0x0, 0xe, 0x61, {0x61, 0x3, "a8be207b9e039afa92c914e0ee1b2c733a21e6c93d48c240383c7d39c061896e58b6b60297629593bf9f9b1c1852754c2f87c29e9d4367af7c5699b045b7930d5dc1a75ccd6a3536685527648b8e5bf3b2623464f2cf4a3794f48a5e195dbd"}}, &(0x7f0000000140)={0x0, 0x3, 0x1d, @string={0x1d, 0x3, "bd62c0abfbd23d1c944a19b4e3bc86593e3c3a214a185d729a5296"}}, &(0x7f00000001c0)={0x0, 0x22, 0x1d, {[@main=@item_012={0x0, 0x0, 0xa}, @global=@item_4={0x3, 0x1, 0xa, "03f1790d"}, @local=@item_4={0x3, 0x2, 0x5, "1b1b91e1"}, @global=@item_4={0x3, 0x1, 0x7, "53d0643a"}, @local=@item_4={0x3, 0x2, 0x2, "d1d044d0"}, @main=@item_4={0x3, 0x0, 0xc, "8a793f77"}, @local, @local=@item_012={0x1, 0x2, 0x7, "dd"}]}}, &(0x7f0000000200)={0x0, 0x21, 0x9, {0x9, 0x21, 0x4, 0x40, 0x1, {0x22, 0x19}}}}, &(0x7f00000003c0)={0x2c, &(0x7f0000000280)={0x20, 0xd, 0x77, "30ed2c7fa0ad80c6ae056c41387dfc08deb2d49d8672b3c5bc4f923e8995728e89d6f9e96c2b5eb2dd272a75eb2a7f2ee662acaef8073cd6a572b1ffcf23bf8b313fb3d7a3cd62d7b4fead31cefff7943c2556b6369b47e8a1a4ed6a932911b3967abcd14ce5e0e155a6b330d336fcaa01960671bc692e"}, &(0x7f0000000300)={0x0, 0xa, 0x1, 0x7}, &(0x7f0000000340)={0x0, 0x8, 0x1, 0x7f}, &(0x7f0000000440)={0x20, 0x1, 0x7d, "684c06d227adc57c8a426f50695fe1f669c457aa465b1242b65f8f7c2c61e3ffef258003a5e5d444c418b2d06784703525afd08918cc360b0743b0a9e8e87e0627db7765f9656d3682545bff1df64e2e638c84d701519889154cc673207e029ae3f68ab80fbd109348ebc01f20b46276abad08791f34a36c79d1914856"}, &(0x7f0000000500)={0x20, 0x3, 0x1, 0x4}})
r1 = syz_open_dev$hiddev(&(0x7f0000000000)='/dev/usb/hiddev#\x00', 0x6, 0x48680)
syz_usb_control_io(r0, &(0x7f0000000800)={0x2c, &(0x7f0000000880)=ANY=[@ANYBLOB='\x00\x00)'], 0x0, 0x0, 0x0, 0x0}, 0x0)
ioctl$HIDIOCGCOLLECTIONINFO(r1, 0xc0104811, &(0x7f0000000380)={0x3ff, 0x5, 0xfffffff9, 0x508})
r2 = syz_open_dev$hidraw(&(0x7f0000000040)='/dev/hidraw#\x00', 0x0, 0x0)
r3 = syz_open_dev$hidraw(&(0x7f0000000100)='/dev/hidraw#\x00', 0x0, 0x641)
write$hidraw(r3, &(0x7f0000000280)="1c1b62be98c702b1cdda1b011561fe629817adaf5b8eb409b029146df48e7b8c07fb899099d2b25b38fac43a12d3e12983ed613d876ba256ba5c73aea9968470d36506548d0a17183ff6e244af28cc0086bfd99788b137c6ba", 0x59)
ioctl$HIDIOCGRDESCSIZE(r2, 0x80044801, &(0x7f0000000640))
ioctl$HIDIOCSFEATURE(r3, 0xc0404806, &(0x7f0000000300)="fe3a4cd82a8dc49154485d74ec69363d16f7c574209bd14ab678d9df356b64f2e6af00663dee23e33fb8ab0b710dd8e349c844eeeaa5a15c9207d0318c6f4deb99ccd3cb7fa8f6751e72d3cfe052da319ec1f8349d56c9fb13860a003eb32c44a1")

00:26:45 executing program 4:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='clear_refs\x00')
write$cgroup_netprio_ifpriomap(r0, 0x0, 0x3)

00:26:45 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x1c, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000000), 0x4)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:45 executing program 0:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='clear_refs\x00')
write$cgroup_netprio_ifpriomap(r0, 0x0, 0x3)

00:26:45 executing program 3:
r0 = syz_open_dev$vbi(&(0x7f00000001c0)='/dev/vbi#\x00', 0x1, 0x2)
ioctl$VIDIOC_G_SLICED_VBI_CAP(r0, 0xc0745645, &(0x7f0000000040)={0x0, [], 0x8})

00:26:45 executing program 2:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = inotify_init1(0x0)
fcntl$getownex(r2, 0x24, &(0x7f0000000080))

00:26:45 executing program 4:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='clear_refs\x00')
write$cgroup_netprio_ifpriomap(r0, 0x0, 0x3)

00:26:45 executing program 0:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='clear_refs\x00')
write$cgroup_netprio_ifpriomap(r0, 0x0, 0x3)

00:26:45 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x1c, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000000), 0x4)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:26:45 executing program 2:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = inotify_init1(0x0)
fcntl$getownex(r2, 0x24, &(0x7f0000000080))

00:26:45 executing program 3:
r0 = syz_open_dev$vbi(&(0x7f00000001c0)='/dev/vbi#\x00', 0x1, 0x2)
ioctl$VIDIOC_G_SLICED_VBI_CAP(r0, 0xc0745645, &(0x7f0000000040)={0x0, [], 0x8})

00:26:45 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x397, &(0x7f0000000180)={0x0, 0xff90}}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="34000000100005070000fa00000000000000001a", @ANYRES32=r5, @ANYBLOB="0000000000000000140012000c00010076657468"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="44000000100081050000000000507291450938a8", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012000b0001006970766c616e00000c000200060001000200000008000500", @ANYRES32=r5], 0x44}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x3, 0x0)
sendmmsg$alg(r7, &(0x7f0000000140), 0x4924b68, 0x0)
r8 = socket$packet(0x11, 0x3, 0x300)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200))
sendmsg$nl_route(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=@newlink={0x20, 0x11, 0x40d, 0x0, 0x0, {0x10, 0x0, 0x0, r9}}, 0x20}}, 0x0)

[  140.214066][T10704] __nla_validate_parse: 2 callbacks suppressed
[  140.214072][T10704] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  140.241000][T10709] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  140.278941][ T9558] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  140.646578][ T9558] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  140.678556][ T9558] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  140.705661][ T9558] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 7
[  140.739029][ T9558] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 9
[  140.752543][ T9558] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.00
[  140.762079][ T9558] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  140.772292][ T9558] usb 6-1: config 0 descriptor??
[  141.257268][ T9558] keytouch 0003:0926:3333.0001: fixing up Keytouch IEC report descriptor
[  141.272780][ T9558] input: HID 0926:3333 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0926:3333.0001/input/input5
[  141.349295][ T9558] keytouch 0003:0926:3333.0001: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.5-1/input0
00:26:48 executing program 5:
ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, &(0x7f0000000780)=0x8)
r0 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000402609333300000000000109022d0001000000000904000009030000000921000000012229000905810300000000000905020301"], 0x0)
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000540)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x10, 0x16c0, 0x5e1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x1, 0x20, 0x9, [{{0x9, 0x4, 0x0, 0x3f, 0x1, 0x3, 0x1, 0x3, 0x40, {0x9, 0x21, 0x5, 0x7, 0x1, {0x22, 0x24}}, {{{0x9, 0x5, 0x81, 0x3, 0x20, 0x3f, 0x40, 0x4f}}}}}]}}]}}, &(0x7f0000000600)={0xa, &(0x7f0000000580)={0xa, 0x6, 0x300, 0x7f, 0x81, 0x4, 0x50, 0x8}, 0x39, &(0x7f00000005c0)={0x5, 0xf, 0x39, 0x4, [@ext_cap={0x7, 0x10, 0x2, 0x0, 0x7, 0xf, 0x5}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x2, 0x1, 0x3, 0x3ff}, @ssp_cap={0x1c, 0x10, 0xa, 0xff, 0x4, 0x4e43172, 0xf000, 0xee, [0x3ff0, 0x18f, 0xff00c0, 0x0]}, @ext_cap={0x7, 0x10, 0x2, 0x12, 0x7, 0x5, 0x7f}]}})
syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f00000000c0)={0x0, 0xe, 0x61, {0x61, 0x3, "a8be207b9e039afa92c914e0ee1b2c733a21e6c93d48c240383c7d39c061896e58b6b60297629593bf9f9b1c1852754c2f87c29e9d4367af7c5699b045b7930d5dc1a75ccd6a3536685527648b8e5bf3b2623464f2cf4a3794f48a5e195dbd"}}, &(0x7f0000000140)={0x0, 0x3, 0x1d, @string={0x1d, 0x3, "bd62c0abfbd23d1c944a19b4e3bc86593e3c3a214a185d729a5296"}}, &(0x7f00000001c0)={0x0, 0x22, 0x1d, {[@main=@item_012={0x0, 0x0, 0xa}, @global=@item_4={0x3, 0x1, 0xa, "03f1790d"}, @local=@item_4={0x3, 0x2, 0x5, "1b1b91e1"}, @global=@item_4={0x3, 0x1, 0x7, "53d0643a"}, @local=@item_4={0x3, 0x2, 0x2, "d1d044d0"}, @main=@item_4={0x3, 0x0, 0xc, "8a793f77"}, @local, @local=@item_012={0x1, 0x2, 0x7, "dd"}]}}, &(0x7f0000000200)={0x0, 0x21, 0x9, {0x9, 0x21, 0x4, 0x40, 0x1, {0x22, 0x19}}}}, &(0x7f00000003c0)={0x2c, &(0x7f0000000280)={0x20, 0xd, 0x77, "30ed2c7fa0ad80c6ae056c41387dfc08deb2d49d8672b3c5bc4f923e8995728e89d6f9e96c2b5eb2dd272a75eb2a7f2ee662acaef8073cd6a572b1ffcf23bf8b313fb3d7a3cd62d7b4fead31cefff7943c2556b6369b47e8a1a4ed6a932911b3967abcd14ce5e0e155a6b330d336fcaa01960671bc692e"}, &(0x7f0000000300)={0x0, 0xa, 0x1, 0x7}, &(0x7f0000000340)={0x0, 0x8, 0x1, 0x7f}, &(0x7f0000000440)={0x20, 0x1, 0x7d, "684c06d227adc57c8a426f50695fe1f669c457aa465b1242b65f8f7c2c61e3ffef258003a5e5d444c418b2d06784703525afd08918cc360b0743b0a9e8e87e0627db7765f9656d3682545bff1df64e2e638c84d701519889154cc673207e029ae3f68ab80fbd109348ebc01f20b46276abad08791f34a36c79d1914856"}, &(0x7f0000000500)={0x20, 0x3, 0x1, 0x4}})
r1 = syz_open_dev$hiddev(&(0x7f0000000000)='/dev/usb/hiddev#\x00', 0x6, 0x48680)
syz_usb_control_io(r0, &(0x7f0000000800)={0x2c, &(0x7f0000000880)=ANY=[@ANYBLOB='\x00\x00)'], 0x0, 0x0, 0x0, 0x0}, 0x0)
ioctl$HIDIOCGCOLLECTIONINFO(r1, 0xc0104811, &(0x7f0000000380)={0x3ff, 0x5, 0xfffffff9, 0x508})
r2 = syz_open_dev$hidraw(&(0x7f0000000040)='/dev/hidraw#\x00', 0x0, 0x0)
r3 = syz_open_dev$hidraw(&(0x7f0000000100)='/dev/hidraw#\x00', 0x0, 0x641)
write$hidraw(r3, &(0x7f0000000280)="1c1b62be98c702b1cdda1b011561fe629817adaf5b8eb409b029146df48e7b8c07fb899099d2b25b38fac43a12d3e12983ed613d876ba256ba5c73aea9968470d36506548d0a17183ff6e244af28cc0086bfd99788b137c6ba", 0x59)
ioctl$HIDIOCGRDESCSIZE(r2, 0x80044801, &(0x7f0000000640))
ioctl$HIDIOCSFEATURE(r3, 0xc0404806, &(0x7f0000000300)="fe3a4cd82a8dc49154485d74ec69363d16f7c574209bd14ab678d9df356b64f2e6af00663dee23e33fb8ab0b710dd8e349c844eeeaa5a15c9207d0318c6f4deb99ccd3cb7fa8f6751e72d3cfe052da319ec1f8349d56c9fb13860a003eb32c44a1")

00:26:48 executing program 3:
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$packet(0x11, 0x3, 0x300)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
write$binfmt_misc(r1, &(0x7f0000000200)=ANY=[], 0xff01)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff})
splice(r0, 0x0, r4, 0x0, 0x10003, 0x0)
write$binfmt_elf32(r4, &(0x7f0000000200)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x5dc)

00:26:48 executing program 0:
open(&(0x7f0000000140)='./file0\x00', 0x8000000000141048, 0x0)
mount(0x0, &(0x7f0000851000)='./file0\x00', &(0x7f0000a6f000)='nfs4\x00', 0x0, &(0x7f0000dedf2f)='v2')

00:26:48 executing program 2:
r0 = socket$pppoe(0x18, 0x1, 0x0)
getpeername(r0, 0x0, &(0x7f00000000c0))

00:26:48 executing program 1:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$inet(0x10, 0x2, 0x0)
sendmsg(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000013c0)=[{&(0x7f0000000040)="24000000220007031dfffd946f61050002000000054300000000391e421ba3a20400ff7e280000001100ffd613d3475bb65f6400004efb0000000000007e23f7efbf54000000005cc37fcfa3", 0x4c}], 0x1}, 0x0)

00:26:48 executing program 4:
r0 = syz_open_dev$video4linux(&(0x7f0000000080)='/dev/v4l-subdev#\x00', 0x0, 0x0)
ioctl$VIDIOC_DQEVENT(r0, 0x80885659, 0x0)
ioctl$VIDIOC_DQEVENT(r0, 0x80885659, 0x0)
ioctl$VIDIOC_SUBDEV_S_FMT(r0, 0x4020565a, &(0x7f00000002c0)={0x3, 0xf0f000, {0x80000001}})

00:26:48 executing program 2:
r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000380)='cpu&3\n\n\n\n\x00\x00\xc8 \xf4\xb3\xca\f\x1ff\xf0\xed\xe2\xdaX\x96\xe8\xd2\x9ba\xdd\xba\x93\xf3\xa2\x97e\xd7\xa37\xc0\xae$\xef\x1f\x1feq*\xeb\x00\xffx\x7fV-S\xeb\x9c\xf5\xe5!d\x99]\x17~\x9e\\\xac\x1f\x93\x00\x02\x00\x80T\"\x00\x80\xff\xff\x03\x00')
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000040)='/dev/loop-control\x00')

00:26:48 executing program 1:
r0 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet_sctp(r0, &(0x7f0000000700)=[{&(0x7f0000000000)=@in={0x2, 0x0, @dev}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000300)="a0", 0x1}], 0x1}], 0x1, 0x0)
r1 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000040)=@assoc_value={r2, 0x2}, 0x8)

00:26:48 executing program 0:
set_mempolicy(0x3, &(0x7f0000000080)=0x2db, 0x6)
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0x4018620d, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

[  142.998923][T10774] NFS: Device name not specified
[  143.001537][T10773] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
[  143.025128][T10780] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
00:26:48 executing program 3:
syz_mount_image$msdos(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(&(0x7f0000000040)=ANY=[@ANYBLOB='.'], &(0x7f0000000780)='./file0\x00', 0x0, 0x9800, 0x0)
syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x28500a8, &(0x7f00000000c0)={[{@init_itable='init_itable'}]})

00:26:48 executing program 2:
io_setup(0x40, &(0x7f0000000000)=<r0=>0x0)
io_pgetevents(r0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180), 0x8})

[  143.126887][T10791] sctp: [Deprecated]: syz-executor.1 (pid 10791) Use of struct sctp_assoc_value in delayed_ack socket option.
[  143.126887][T10791] Use struct sctp_sack_info instead
[  143.161642][T10794] EXT4-fs (sda1): re-mounted. Opts: init_itable,,errors=continue
00:26:49 executing program 0:
set_mempolicy(0x3, &(0x7f0000000080)=0x2db, 0x6)
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0x4018620d, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

[  143.177662][T10799] sctp: [Deprecated]: syz-executor.1 (pid 10799) Use of struct sctp_assoc_value in delayed_ack socket option.
[  143.177662][T10799] Use struct sctp_sack_info instead
[  143.203802][T10800] EXT4-fs (sda1): re-mounted. Opts: init_itable,,errors=continue
[  143.486365][ T9558] usb 6-1: reset high-speed USB device number 6 using dummy_hcd
00:26:55 executing program 5:
ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, &(0x7f0000000780)=0x8)
r0 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000402609333300000000000109022d0001000000000904000009030000000921000000012229000905810300000000000905020301"], 0x0)
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000540)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x10, 0x16c0, 0x5e1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x1, 0x20, 0x9, [{{0x9, 0x4, 0x0, 0x3f, 0x1, 0x3, 0x1, 0x3, 0x40, {0x9, 0x21, 0x5, 0x7, 0x1, {0x22, 0x24}}, {{{0x9, 0x5, 0x81, 0x3, 0x20, 0x3f, 0x40, 0x4f}}}}}]}}]}}, &(0x7f0000000600)={0xa, &(0x7f0000000580)={0xa, 0x6, 0x300, 0x7f, 0x81, 0x4, 0x50, 0x8}, 0x39, &(0x7f00000005c0)={0x5, 0xf, 0x39, 0x4, [@ext_cap={0x7, 0x10, 0x2, 0x0, 0x7, 0xf, 0x5}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x2, 0x1, 0x3, 0x3ff}, @ssp_cap={0x1c, 0x10, 0xa, 0xff, 0x4, 0x4e43172, 0xf000, 0xee, [0x3ff0, 0x18f, 0xff00c0, 0x0]}, @ext_cap={0x7, 0x10, 0x2, 0x12, 0x7, 0x5, 0x7f}]}})
syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f00000000c0)={0x0, 0xe, 0x61, {0x61, 0x3, "a8be207b9e039afa92c914e0ee1b2c733a21e6c93d48c240383c7d39c061896e58b6b60297629593bf9f9b1c1852754c2f87c29e9d4367af7c5699b045b7930d5dc1a75ccd6a3536685527648b8e5bf3b2623464f2cf4a3794f48a5e195dbd"}}, &(0x7f0000000140)={0x0, 0x3, 0x1d, @string={0x1d, 0x3, "bd62c0abfbd23d1c944a19b4e3bc86593e3c3a214a185d729a5296"}}, &(0x7f00000001c0)={0x0, 0x22, 0x1d, {[@main=@item_012={0x0, 0x0, 0xa}, @global=@item_4={0x3, 0x1, 0xa, "03f1790d"}, @local=@item_4={0x3, 0x2, 0x5, "1b1b91e1"}, @global=@item_4={0x3, 0x1, 0x7, "53d0643a"}, @local=@item_4={0x3, 0x2, 0x2, "d1d044d0"}, @main=@item_4={0x3, 0x0, 0xc, "8a793f77"}, @local, @local=@item_012={0x1, 0x2, 0x7, "dd"}]}}, &(0x7f0000000200)={0x0, 0x21, 0x9, {0x9, 0x21, 0x4, 0x40, 0x1, {0x22, 0x19}}}}, &(0x7f00000003c0)={0x2c, &(0x7f0000000280)={0x20, 0xd, 0x77, "30ed2c7fa0ad80c6ae056c41387dfc08deb2d49d8672b3c5bc4f923e8995728e89d6f9e96c2b5eb2dd272a75eb2a7f2ee662acaef8073cd6a572b1ffcf23bf8b313fb3d7a3cd62d7b4fead31cefff7943c2556b6369b47e8a1a4ed6a932911b3967abcd14ce5e0e155a6b330d336fcaa01960671bc692e"}, &(0x7f0000000300)={0x0, 0xa, 0x1, 0x7}, &(0x7f0000000340)={0x0, 0x8, 0x1, 0x7f}, &(0x7f0000000440)={0x20, 0x1, 0x7d, "684c06d227adc57c8a426f50695fe1f669c457aa465b1242b65f8f7c2c61e3ffef258003a5e5d444c418b2d06784703525afd08918cc360b0743b0a9e8e87e0627db7765f9656d3682545bff1df64e2e638c84d701519889154cc673207e029ae3f68ab80fbd109348ebc01f20b46276abad08791f34a36c79d1914856"}, &(0x7f0000000500)={0x20, 0x3, 0x1, 0x4}})
r1 = syz_open_dev$hiddev(&(0x7f0000000000)='/dev/usb/hiddev#\x00', 0x6, 0x48680)
syz_usb_control_io(r0, &(0x7f0000000800)={0x2c, &(0x7f0000000880)=ANY=[@ANYBLOB='\x00\x00)'], 0x0, 0x0, 0x0, 0x0}, 0x0)
ioctl$HIDIOCGCOLLECTIONINFO(r1, 0xc0104811, &(0x7f0000000380)={0x3ff, 0x5, 0xfffffff9, 0x508})
r2 = syz_open_dev$hidraw(&(0x7f0000000040)='/dev/hidraw#\x00', 0x0, 0x0)
r3 = syz_open_dev$hidraw(&(0x7f0000000100)='/dev/hidraw#\x00', 0x0, 0x641)
write$hidraw(r3, &(0x7f0000000280)="1c1b62be98c702b1cdda1b011561fe629817adaf5b8eb409b029146df48e7b8c07fb899099d2b25b38fac43a12d3e12983ed613d876ba256ba5c73aea9968470d36506548d0a17183ff6e244af28cc0086bfd99788b137c6ba", 0x59)
ioctl$HIDIOCGRDESCSIZE(r2, 0x80044801, &(0x7f0000000640))
ioctl$HIDIOCSFEATURE(r3, 0xc0404806, &(0x7f0000000300)="fe3a4cd82a8dc49154485d74ec69363d16f7c574209bd14ab678d9df356b64f2e6af00663dee23e33fb8ab0b710dd8e349c844eeeaa5a15c9207d0318c6f4deb99ccd3cb7fa8f6751e72d3cfe052da319ec1f8349d56c9fb13860a003eb32c44a1")

00:26:55 executing program 0:
set_mempolicy(0x3, &(0x7f0000000080)=0x2db, 0x6)
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0x4018620d, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

00:26:55 executing program 1:
r0 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet_sctp(r0, &(0x7f0000000700)=[{&(0x7f0000000000)=@in={0x2, 0x0, @dev}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000300)="a0", 0x1}], 0x1}], 0x1, 0x0)
r1 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000040)=@assoc_value={r2, 0x2}, 0x8)

00:26:55 executing program 3:
syz_mount_image$msdos(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(&(0x7f0000000040)=ANY=[@ANYBLOB='.'], &(0x7f0000000780)='./file0\x00', 0x0, 0x9800, 0x0)
syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x28500a8, &(0x7f00000000c0)={[{@init_itable='init_itable'}]})

00:26:55 executing program 2:
mkdir(&(0x7f00000000c0)='./file1\x00', 0xc0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
perf_event_open(&(0x7f0000001340)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
r1 = socket$inet6(0xa, 0x3, 0x6)
connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000340)={{{@in=@dev, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {0x0, 0x0, 0x9}, 0x0, 0x0, 0x1}, {{@in6=@mcast1, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14, 0x15}, 0x0, 0x0, 0x3, 0x4, 0x200}}, 0xe8)
r2 = openat$mice(0xffffffffffffff9c, &(0x7f0000001540)='/dev/input/mice\x00', 0x0)
r3 = socket$kcm(0x29, 0x5, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f0000000b80)={r2})
setsockopt$inet_sctp_SCTP_RECVNXTINFO(r2, 0x84, 0x21, &(0x7f0000000140)=0x5, 0x4)
sendmmsg(r1, &(0x7f0000000480), 0x2e9, 0x1f4)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mknod$loop(&(0x7f00000003c0)='./bus/file1\x00', 0x80, 0x1)
mkdir(&(0x7f0000000280)='./file0\x00', 0x0)
link(&(0x7f00000002c0)='./bus/file1\x00', &(0x7f0000000440)='./bus/file0\x00')
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000400)='overlay\x00', 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
chown(&(0x7f0000000380)='./bus/file1\x00', 0x0, 0x0)

00:26:55 executing program 4:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setreuid(0x0, 0xee01)
ioctl$sock_bt_hci(r0, 0x400448ca, 0x0)

[  149.595504][    T7] usb 6-1: USB disconnect, device number 6
00:26:55 executing program 0:
set_mempolicy(0x3, &(0x7f0000000080)=0x2db, 0x6)
r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0x4018620d, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

00:26:55 executing program 4:
ioperm(0x0, 0x0, 0x0)
clone3(&(0x7f0000000340)={0x42000000, 0x0, 0x0, 0x0, {0x2b}, 0x0, 0x0, 0x0, 0x0}, 0x58)

[  149.652349][T10838] sctp: [Deprecated]: syz-executor.1 (pid 10838) Use of struct sctp_assoc_value in delayed_ack socket option.
[  149.652349][T10838] Use struct sctp_sack_info instead
[  149.669849][T10842] EXT4-fs (sda1): re-mounted. Opts: init_itable,,errors=continue
00:26:55 executing program 3:
syz_mount_image$msdos(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(&(0x7f0000000040)=ANY=[@ANYBLOB='.'], &(0x7f0000000780)='./file0\x00', 0x0, 0x9800, 0x0)
syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x28500a8, &(0x7f00000000c0)={[{@init_itable='init_itable'}]})

00:26:55 executing program 1:
r0 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet_sctp(r0, &(0x7f0000000700)=[{&(0x7f0000000000)=@in={0x2, 0x0, @dev}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000300)="a0", 0x1}], 0x1}], 0x1, 0x0)
r1 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000040)=@assoc_value={r2, 0x2}, 0x8)

00:26:55 executing program 4:
ioperm(0x0, 0x0, 0x0)
clone3(&(0x7f0000000340)={0x42000000, 0x0, 0x0, 0x0, {0x2b}, 0x0, 0x0, 0x0, 0x0}, 0x58)

[  149.748749][T10849] IPVS: ftp: loaded support on port[0] = 21
00:26:55 executing program 0:
write(0xffffffffffffffff, &(0x7f00000000c0)="24000000200099f0003be90000ed190e02", 0x11)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/net/tun\x00', 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00'})
ioctl$TUNSETGROUP(r0, 0x400454dc, 0xffffffffffffffff)

[  149.832198][T10876] sctp: [Deprecated]: syz-executor.1 (pid 10876) Use of struct sctp_assoc_value in delayed_ack socket option.
[  149.832198][T10876] Use struct sctp_sack_info instead
[  149.863401][T10877] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  149.879362][T10880] EXT4-fs (sda1): re-mounted. Opts: init_itable,,errors=continue
[  149.904483][T10881] IPVS: ftp: loaded support on port[0] = 21
[  150.066088][    T7] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  150.466060][    T7] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  150.477263][    T7] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  150.487675][    T7] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 7
[  150.501673][    T7] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 9
[  150.515286][    T7] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.00
[  150.524801][    T7] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  150.534741][    T7] usb 6-1: config 0 descriptor??
[  151.016436][    T7] keytouch 0003:0926:3333.0002: fixing up Keytouch IEC report descriptor
[  151.031498][    T7] input: HID 0926:3333 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0926:3333.0002/input/input6
[  151.109062][    T7] keytouch 0003:0926:3333.0002: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.5-1/input0
00:26:58 executing program 3:
syz_mount_image$msdos(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(&(0x7f0000000040)=ANY=[@ANYBLOB='.'], &(0x7f0000000780)='./file0\x00', 0x0, 0x9800, 0x0)
syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x28500a8, &(0x7f00000000c0)={[{@init_itable='init_itable'}]})

00:26:58 executing program 2:
mkdir(&(0x7f00000000c0)='./file1\x00', 0xc0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
perf_event_open(&(0x7f0000001340)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
r1 = socket$inet6(0xa, 0x3, 0x6)
connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000340)={{{@in=@dev, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {0x0, 0x0, 0x9}, 0x0, 0x0, 0x1}, {{@in6=@mcast1, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14, 0x15}, 0x0, 0x0, 0x3, 0x4, 0x200}}, 0xe8)
r2 = openat$mice(0xffffffffffffff9c, &(0x7f0000001540)='/dev/input/mice\x00', 0x0)
r3 = socket$kcm(0x29, 0x5, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f0000000b80)={r2})
setsockopt$inet_sctp_SCTP_RECVNXTINFO(r2, 0x84, 0x21, &(0x7f0000000140)=0x5, 0x4)
sendmmsg(r1, &(0x7f0000000480), 0x2e9, 0x1f4)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mknod$loop(&(0x7f00000003c0)='./bus/file1\x00', 0x80, 0x1)
mkdir(&(0x7f0000000280)='./file0\x00', 0x0)
link(&(0x7f00000002c0)='./bus/file1\x00', &(0x7f0000000440)='./bus/file0\x00')
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000400)='overlay\x00', 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
chown(&(0x7f0000000380)='./bus/file1\x00', 0x0, 0x0)

00:26:58 executing program 1:
r0 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet_sctp(r0, &(0x7f0000000700)=[{&(0x7f0000000000)=@in={0x2, 0x0, @dev}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000300)="a0", 0x1}], 0x1}], 0x1, 0x0)
r1 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000040)=@assoc_value={r2, 0x2}, 0x8)

00:26:58 executing program 4:
ioperm(0x0, 0x0, 0x0)
clone3(&(0x7f0000000340)={0x42000000, 0x0, 0x0, 0x0, {0x2b}, 0x0, 0x0, 0x0, 0x0}, 0x58)

00:26:58 executing program 0:
mkdir(&(0x7f00000000c0)='./file1\x00', 0xc0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
perf_event_open(&(0x7f0000001340)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
r1 = socket$inet6(0xa, 0x3, 0x6)
connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000340)={{{@in=@dev, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {0x0, 0x0, 0x9}, 0x0, 0x0, 0x1}, {{@in6=@mcast1, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14, 0x15}, 0x0, 0x0, 0x3, 0x4, 0x200}}, 0xe8)
r2 = openat$mice(0xffffffffffffff9c, &(0x7f0000001540)='/dev/input/mice\x00', 0x0)
r3 = socket$kcm(0x29, 0x5, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f0000000b80)={r2})
setsockopt$inet_sctp_SCTP_RECVNXTINFO(r2, 0x84, 0x21, &(0x7f0000000140)=0x5, 0x4)
sendmmsg(r1, &(0x7f0000000480), 0x2e9, 0x1f4)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mknod$loop(&(0x7f00000003c0)='./bus/file1\x00', 0x80, 0x1)
mkdir(&(0x7f0000000280)='./file0\x00', 0x0)
link(&(0x7f00000002c0)='./bus/file1\x00', &(0x7f0000000440)='./bus/file0\x00')
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000400)='overlay\x00', 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
chown(&(0x7f0000000380)='./bus/file1\x00', 0x0, 0x0)

00:26:58 executing program 5:
ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, &(0x7f0000000780)=0x8)
r0 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000402609333300000000000109022d0001000000000904000009030000000921000000012229000905810300000000000905020301"], 0x0)
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000540)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x10, 0x16c0, 0x5e1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x1, 0x20, 0x9, [{{0x9, 0x4, 0x0, 0x3f, 0x1, 0x3, 0x1, 0x3, 0x40, {0x9, 0x21, 0x5, 0x7, 0x1, {0x22, 0x24}}, {{{0x9, 0x5, 0x81, 0x3, 0x20, 0x3f, 0x40, 0x4f}}}}}]}}]}}, &(0x7f0000000600)={0xa, &(0x7f0000000580)={0xa, 0x6, 0x300, 0x7f, 0x81, 0x4, 0x50, 0x8}, 0x39, &(0x7f00000005c0)={0x5, 0xf, 0x39, 0x4, [@ext_cap={0x7, 0x10, 0x2, 0x0, 0x7, 0xf, 0x5}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x2, 0x1, 0x3, 0x3ff}, @ssp_cap={0x1c, 0x10, 0xa, 0xff, 0x4, 0x4e43172, 0xf000, 0xee, [0x3ff0, 0x18f, 0xff00c0, 0x0]}, @ext_cap={0x7, 0x10, 0x2, 0x12, 0x7, 0x5, 0x7f}]}})
syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f00000000c0)={0x0, 0xe, 0x61, {0x61, 0x3, "a8be207b9e039afa92c914e0ee1b2c733a21e6c93d48c240383c7d39c061896e58b6b60297629593bf9f9b1c1852754c2f87c29e9d4367af7c5699b045b7930d5dc1a75ccd6a3536685527648b8e5bf3b2623464f2cf4a3794f48a5e195dbd"}}, &(0x7f0000000140)={0x0, 0x3, 0x1d, @string={0x1d, 0x3, "bd62c0abfbd23d1c944a19b4e3bc86593e3c3a214a185d729a5296"}}, &(0x7f00000001c0)={0x0, 0x22, 0x1d, {[@main=@item_012={0x0, 0x0, 0xa}, @global=@item_4={0x3, 0x1, 0xa, "03f1790d"}, @local=@item_4={0x3, 0x2, 0x5, "1b1b91e1"}, @global=@item_4={0x3, 0x1, 0x7, "53d0643a"}, @local=@item_4={0x3, 0x2, 0x2, "d1d044d0"}, @main=@item_4={0x3, 0x0, 0xc, "8a793f77"}, @local, @local=@item_012={0x1, 0x2, 0x7, "dd"}]}}, &(0x7f0000000200)={0x0, 0x21, 0x9, {0x9, 0x21, 0x4, 0x40, 0x1, {0x22, 0x19}}}}, &(0x7f00000003c0)={0x2c, &(0x7f0000000280)={0x20, 0xd, 0x77, "30ed2c7fa0ad80c6ae056c41387dfc08deb2d49d8672b3c5bc4f923e8995728e89d6f9e96c2b5eb2dd272a75eb2a7f2ee662acaef8073cd6a572b1ffcf23bf8b313fb3d7a3cd62d7b4fead31cefff7943c2556b6369b47e8a1a4ed6a932911b3967abcd14ce5e0e155a6b330d336fcaa01960671bc692e"}, &(0x7f0000000300)={0x0, 0xa, 0x1, 0x7}, &(0x7f0000000340)={0x0, 0x8, 0x1, 0x7f}, &(0x7f0000000440)={0x20, 0x1, 0x7d, "684c06d227adc57c8a426f50695fe1f669c457aa465b1242b65f8f7c2c61e3ffef258003a5e5d444c418b2d06784703525afd08918cc360b0743b0a9e8e87e0627db7765f9656d3682545bff1df64e2e638c84d701519889154cc673207e029ae3f68ab80fbd109348ebc01f20b46276abad08791f34a36c79d1914856"}, &(0x7f0000000500)={0x20, 0x3, 0x1, 0x4}})
r1 = syz_open_dev$hiddev(&(0x7f0000000000)='/dev/usb/hiddev#\x00', 0x6, 0x48680)
syz_usb_control_io(r0, &(0x7f0000000800)={0x2c, &(0x7f0000000880)=ANY=[@ANYBLOB='\x00\x00)'], 0x0, 0x0, 0x0, 0x0}, 0x0)
ioctl$HIDIOCGCOLLECTIONINFO(r1, 0xc0104811, &(0x7f0000000380)={0x3ff, 0x5, 0xfffffff9, 0x508})
r2 = syz_open_dev$hidraw(&(0x7f0000000040)='/dev/hidraw#\x00', 0x0, 0x0)
r3 = syz_open_dev$hidraw(&(0x7f0000000100)='/dev/hidraw#\x00', 0x0, 0x641)
write$hidraw(r3, &(0x7f0000000280)="1c1b62be98c702b1cdda1b011561fe629817adaf5b8eb409b029146df48e7b8c07fb899099d2b25b38fac43a12d3e12983ed613d876ba256ba5c73aea9968470d36506548d0a17183ff6e244af28cc0086bfd99788b137c6ba", 0x59)
ioctl$HIDIOCGRDESCSIZE(r2, 0x80044801, &(0x7f0000000640))
ioctl$HIDIOCSFEATURE(r3, 0xc0404806, &(0x7f0000000300)="fe3a4cd82a8dc49154485d74ec69363d16f7c574209bd14ab678d9df356b64f2e6af00663dee23e33fb8ab0b710dd8e349c844eeeaa5a15c9207d0318c6f4deb99ccd3cb7fa8f6751e72d3cfe052da319ec1f8349d56c9fb13860a003eb32c44a1")

[  152.623021][T10961] sctp: [Deprecated]: syz-executor.1 (pid 10961) Use of struct sctp_assoc_value in delayed_ack socket option.
[  152.623021][T10961] Use struct sctp_sack_info instead
[  152.649445][T10965] IPVS: ftp: loaded support on port[0] = 21
[  152.659808][T10966] EXT4-fs (sda1): re-mounted. Opts: init_itable,,errors=continue
00:26:58 executing program 3:
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1)
close(r1)
r2 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000040)={0x7ff}, 0x17f)
sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000180)="240000002e0007031dfffd946fa201000100000000000000000000e50c1be3a2f7fffe7e280000005e00ff", 0x2b}], 0x1}, 0x0)
splice(r0, 0x0, r1, 0x0, 0x10000, 0x0)

00:26:58 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='uid_map\x00')
write$apparmor_exec(r0, 0x0, 0x0)

00:26:58 executing program 4:
ioperm(0x0, 0x0, 0x0)
clone3(&(0x7f0000000340)={0x42000000, 0x0, 0x0, 0x0, {0x2b}, 0x0, 0x0, 0x0, 0x0}, 0x58)

00:26:58 executing program 2:
mkdir(&(0x7f00000000c0)='./file1\x00', 0xc0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
perf_event_open(&(0x7f0000001340)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
r1 = socket$inet6(0xa, 0x3, 0x6)
connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000340)={{{@in=@dev, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {0x0, 0x0, 0x9}, 0x0, 0x0, 0x1}, {{@in6=@mcast1, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14, 0x15}, 0x0, 0x0, 0x3, 0x4, 0x200}}, 0xe8)
r2 = openat$mice(0xffffffffffffff9c, &(0x7f0000001540)='/dev/input/mice\x00', 0x0)
r3 = socket$kcm(0x29, 0x5, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f0000000b80)={r2})
setsockopt$inet_sctp_SCTP_RECVNXTINFO(r2, 0x84, 0x21, &(0x7f0000000140)=0x5, 0x4)
sendmmsg(r1, &(0x7f0000000480), 0x2e9, 0x1f4)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mknod$loop(&(0x7f00000003c0)='./bus/file1\x00', 0x80, 0x1)
mkdir(&(0x7f0000000280)='./file0\x00', 0x0)
link(&(0x7f00000002c0)='./bus/file1\x00', &(0x7f0000000440)='./bus/file0\x00')
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000400)='overlay\x00', 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
chown(&(0x7f0000000380)='./bus/file1\x00', 0x0, 0x0)

00:26:58 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='uid_map\x00')
write$apparmor_exec(r0, 0x0, 0x0)

00:26:58 executing program 3:
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
syz_open_pts(0xffffffffffffffff, 0x248000)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f00000001c0)=0x1, 0x4)
setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000000000)=0x100000001, 0x4)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/vlan/config\x00')
lseek(r1, 0x80000001, 0x0)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(r1, 0x8982, &(0x7f0000000080)={0x6, 'bridge_slave_0\x00'})
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x20005040)
ioctl$VT_ACTIVATE(0xffffffffffffffff, 0x5606, 0x1)
bind$inet(r0, &(0x7f0000738ff0)={0x2, 0x4e21, @dev}, 0x10)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10)
fcntl$F_SET_RW_HINT(r2, 0x40c, &(0x7f0000000100))
eventfd(0x0)
sendto$inet(r0, &(0x7f0000000040)="10c8", 0xfffffffffffffd30, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000140)={0x0, 0x4, 0x80ffffffff}, 0x14)
shutdown(r0, 0x1)

00:26:58 executing program 0:
mkdir(&(0x7f00000000c0)='./file1\x00', 0xc0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
perf_event_open(&(0x7f0000001340)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
r1 = socket$inet6(0xa, 0x3, 0x6)
connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000340)={{{@in=@dev, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {0x0, 0x0, 0x9}, 0x0, 0x0, 0x1}, {{@in6=@mcast1, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14, 0x15}, 0x0, 0x0, 0x3, 0x4, 0x200}}, 0xe8)
r2 = openat$mice(0xffffffffffffff9c, &(0x7f0000001540)='/dev/input/mice\x00', 0x0)
r3 = socket$kcm(0x29, 0x5, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f0000000b80)={r2})
setsockopt$inet_sctp_SCTP_RECVNXTINFO(r2, 0x84, 0x21, &(0x7f0000000140)=0x5, 0x4)
sendmmsg(r1, &(0x7f0000000480), 0x2e9, 0x1f4)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mknod$loop(&(0x7f00000003c0)='./bus/file1\x00', 0x80, 0x1)
mkdir(&(0x7f0000000280)='./file0\x00', 0x0)
link(&(0x7f00000002c0)='./bus/file1\x00', &(0x7f0000000440)='./bus/file0\x00')
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000400)='overlay\x00', 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
chown(&(0x7f0000000380)='./bus/file1\x00', 0x0, 0x0)

00:26:58 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='uid_map\x00')
write$apparmor_exec(r0, 0x0, 0x0)

[  152.984057][T11007] IPVS: ftp: loaded support on port[0] = 21
00:26:58 executing program 3:
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
syz_open_pts(0xffffffffffffffff, 0x248000)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f00000001c0)=0x1, 0x4)
setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000000000)=0x100000001, 0x4)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/vlan/config\x00')
lseek(r1, 0x80000001, 0x0)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(r1, 0x8982, &(0x7f0000000080)={0x6, 'bridge_slave_0\x00'})
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x20005040)
ioctl$VT_ACTIVATE(0xffffffffffffffff, 0x5606, 0x1)
bind$inet(r0, &(0x7f0000738ff0)={0x2, 0x4e21, @dev}, 0x10)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10)
fcntl$F_SET_RW_HINT(r2, 0x40c, &(0x7f0000000100))
eventfd(0x0)
sendto$inet(r0, &(0x7f0000000040)="10c8", 0xfffffffffffffd30, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000140)={0x0, 0x4, 0x80ffffffff}, 0x14)
shutdown(r0, 0x1)

00:26:58 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='uid_map\x00')
write$apparmor_exec(r0, 0x0, 0x0)

00:26:59 executing program 2:
mkdir(&(0x7f00000000c0)='./file1\x00', 0xc0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
perf_event_open(&(0x7f0000001340)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
r1 = socket$inet6(0xa, 0x3, 0x6)
connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000340)={{{@in=@dev, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {0x0, 0x0, 0x9}, 0x0, 0x0, 0x1}, {{@in6=@mcast1, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14, 0x15}, 0x0, 0x0, 0x3, 0x4, 0x200}}, 0xe8)
r2 = openat$mice(0xffffffffffffff9c, &(0x7f0000001540)='/dev/input/mice\x00', 0x0)
r3 = socket$kcm(0x29, 0x5, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f0000000b80)={r2})
setsockopt$inet_sctp_SCTP_RECVNXTINFO(r2, 0x84, 0x21, &(0x7f0000000140)=0x5, 0x4)
sendmmsg(r1, &(0x7f0000000480), 0x2e9, 0x1f4)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mknod$loop(&(0x7f00000003c0)='./bus/file1\x00', 0x80, 0x1)
mkdir(&(0x7f0000000280)='./file0\x00', 0x0)
link(&(0x7f00000002c0)='./bus/file1\x00', &(0x7f0000000440)='./bus/file0\x00')
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000400)='overlay\x00', 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
chown(&(0x7f0000000380)='./bus/file1\x00', 0x0, 0x0)

[  153.157925][    T7] usb 6-1: reset high-speed USB device number 7 using dummy_hcd
00:27:05 executing program 3:
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
syz_open_pts(0xffffffffffffffff, 0x248000)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f00000001c0)=0x1, 0x4)
setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000000000)=0x100000001, 0x4)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/vlan/config\x00')
lseek(r1, 0x80000001, 0x0)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(r1, 0x8982, &(0x7f0000000080)={0x6, 'bridge_slave_0\x00'})
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x20005040)
ioctl$VT_ACTIVATE(0xffffffffffffffff, 0x5606, 0x1)
bind$inet(r0, &(0x7f0000738ff0)={0x2, 0x4e21, @dev}, 0x10)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10)
fcntl$F_SET_RW_HINT(r2, 0x40c, &(0x7f0000000100))
eventfd(0x0)
sendto$inet(r0, &(0x7f0000000040)="10c8", 0xfffffffffffffd30, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000140)={0x0, 0x4, 0x80ffffffff}, 0x14)
shutdown(r0, 0x1)

00:27:05 executing program 0:
mkdir(&(0x7f00000000c0)='./file1\x00', 0xc0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
perf_event_open(&(0x7f0000001340)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
r1 = socket$inet6(0xa, 0x3, 0x6)
connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000340)={{{@in=@dev, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {0x0, 0x0, 0x9}, 0x0, 0x0, 0x1}, {{@in6=@mcast1, 0x4d5, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14, 0x15}, 0x0, 0x0, 0x3, 0x4, 0x200}}, 0xe8)
r2 = openat$mice(0xffffffffffffff9c, &(0x7f0000001540)='/dev/input/mice\x00', 0x0)
r3 = socket$kcm(0x29, 0x5, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f0000000b80)={r2})
setsockopt$inet_sctp_SCTP_RECVNXTINFO(r2, 0x84, 0x21, &(0x7f0000000140)=0x5, 0x4)
sendmmsg(r1, &(0x7f0000000480), 0x2e9, 0x1f4)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mknod$loop(&(0x7f00000003c0)='./bus/file1\x00', 0x80, 0x1)
mkdir(&(0x7f0000000280)='./file0\x00', 0x0)
link(&(0x7f00000002c0)='./bus/file1\x00', &(0x7f0000000440)='./bus/file0\x00')
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000400)='overlay\x00', 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
chown(&(0x7f0000000380)='./bus/file1\x00', 0x0, 0x0)

00:27:05 executing program 4:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=@acquire={0x134, 0x17, 0x7, 0x0, 0x0, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}}, @in6=@private0, {@in6=@mcast2, @in=@local}, {{@in6=@mcast1, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x2, 0xa0}}}, [@mark={0xc}]}, 0x134}, 0x8}, 0x0)

00:27:05 executing program 1:
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x0, 0x0)
ioctl$SNDCTL_DSP_STEREO(r0, 0xc0045009, &(0x7f00000001c0)=0x1)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000100)=0x10000)

00:27:05 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00')
sendmsg$FOU_CMD_DEL(r0, &(0x7f0000000140)={&(0x7f0000000040), 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x28, r1, 0x1, 0x0, 0x0, {}, [@FOU_ATTR_PEER_V4={0x8, 0x8, @dev}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_IPPROTO={0x5}]}, 0x28}}, 0x0)

00:27:05 executing program 5:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self\x00', 0x0, 0x0)
pidfd_send_signal(r0, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x5}, 0x0)

[  159.295711][ T3848] usb 6-1: USB disconnect, device number 7
00:27:05 executing program 4:
mknod$loop(&(0x7f0000000100)='./file0\x00', 0x0, 0x1)
unshare(0x2020000)
mount(&(0x7f0000000280)=ANY=[@ANYBLOB='./file0'], &(0x7f0000000240)='./file0\x00', 0x0, 0x1000, 0x0)
r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
write$binfmt_elf64(r0, &(0x7f0000000080)=ANY=[], 0xce024b8b)
unlink(&(0x7f0000000140)='./file0\x00')

00:27:05 executing program 3:
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
syz_open_pts(0xffffffffffffffff, 0x248000)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f00000001c0)=0x1, 0x4)
setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000000000)=0x100000001, 0x4)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/vlan/config\x00')
lseek(r1, 0x80000001, 0x0)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(r1, 0x8982, &(0x7f0000000080)={0x6, 'bridge_slave_0\x00'})
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x20005040)
ioctl$VT_ACTIVATE(0xffffffffffffffff, 0x5606, 0x1)
bind$inet(r0, &(0x7f0000738ff0)={0x2, 0x4e21, @dev}, 0x10)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10)
fcntl$F_SET_RW_HINT(r2, 0x40c, &(0x7f0000000100))
eventfd(0x0)
sendto$inet(r0, &(0x7f0000000040)="10c8", 0xfffffffffffffd30, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000140)={0x0, 0x4, 0x80ffffffff}, 0x14)
shutdown(r0, 0x1)

00:27:05 executing program 1:
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x0, 0x0)
ioctl$SNDCTL_DSP_STEREO(r0, 0xc0045009, &(0x7f00000001c0)=0x1)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000100)=0x10000)

00:27:05 executing program 2:
r0 = openat$audio(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/audio\x00', 0x2, 0x0)
write$dsp(r0, &(0x7f0000000000)="ce", 0x1)
ioctl$SNDCTL_DSP_GETOSPACE(r0, 0x5001, 0x0)
ioctl$SNDCTL_DSP_GETOSPACE(r0, 0x8010500c, &(0x7f0000000040))

00:27:05 executing program 5:
r0 = syz_open_dev$dri(&(0x7f0000000100)='/dev/dri/card#\x00', 0x1, 0x0)
r1 = dup(r0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x1, 0x2})

00:27:05 executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x58, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x8cc}]}]}, 0x58}}, 0x0)

00:27:05 executing program 1:
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x0, 0x0)
ioctl$SNDCTL_DSP_STEREO(r0, 0xc0045009, &(0x7f00000001c0)=0x1)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000100)=0x10000)

00:27:05 executing program 3:
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000300)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7ffc0001}]})
copy_file_range(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0)

00:27:05 executing program 5:
r0 = socket(0x200000000000011, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000580)={'dummy0\x00', <r2=>0x0})
bind$packet(r0, &(0x7f0000000080)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @broadcast}, 0x14)
setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000100)=0x3, 0x4)
write(r0, &(0x7f0000000300)="bd38832aa0d96fba3d73fad7cd21", 0x5ee)

00:27:05 executing program 1:
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x0, 0x0)
ioctl$SNDCTL_DSP_STEREO(r0, 0xc0045009, &(0x7f00000001c0)=0x1)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000100)=0x10000)

00:27:05 executing program 0:
syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x405c)

[  159.684927][   T34] audit: type=1326 audit(1606264025.476:11): auid=0 uid=0 gid=0 ses=4 subj==unconfined pid=11111 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=228 compat=0 ip=0x460d1a code=0x7ffc0000
00:27:05 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9, 0x1, 'veth\x00'}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_ADDRESS={0xc, 0x1, @multicast}]}, 0x40}}, 0x0)

[  159.748156][   T34] audit: type=1326 audit(1606264025.506:12): auid=0 uid=0 gid=0 ses=4 subj==unconfined pid=11111 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45deb9 code=0x7ffc0000
[  159.806802][   T34] audit: type=1326 audit(1606264025.506:13): auid=0 uid=0 gid=0 ses=4 subj==unconfined pid=11111 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45deb9 code=0x7ffc0000
[  159.858517][   T34] audit: type=1326 audit(1606264025.506:14): auid=0 uid=0 gid=0 ses=4 subj==unconfined pid=11111 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=228 compat=0 ip=0x460d1a code=0x7ffc0000
[  159.906877][   T34] audit: type=1326 audit(1606264025.506:15): auid=0 uid=0 gid=0 ses=4 subj==unconfined pid=11111 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=157 compat=0 ip=0x45deb9 code=0x7ffc0000
[  159.933655][   T34] audit: type=1326 audit(1606264025.506:16): auid=0 uid=0 gid=0 ses=4 subj==unconfined pid=11111 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=228 compat=0 ip=0x460d1a code=0x7ffc0000
[  159.957900][   T34] audit: type=1326 audit(1606264025.506:17): auid=0 uid=0 gid=0 ses=4 subj==unconfined pid=11111 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x45deb9 code=0x7ffc0000
[  159.984506][ T3165] ==================================================================
[  159.993487][ T3165] BUG: KCSAN: data-race in dec_zone_page_state / release_pages
[  160.001016][ T3165] 
[  160.003334][ T3165] write to 0xffffea000465b180 of 8 bytes by task 11092 on cpu 0:
[  160.011042][ T3165]  release_pages+0x41c/0x8b0
[  160.015623][ T3165]  __pagevec_release+0xa7/0xd0
[  160.020587][ T3165]  truncate_inode_pages_range+0x517/0xf20
[  160.026316][ T3165]  truncate_inode_pages_final+0x7d/0x90
[  160.032220][ T3165]  ext4_evict_inode+0x2b7/0xe70
[  160.037091][ T3165]  evict+0x19f/0x470
[  160.040969][ T3165]  iput+0x421/0x510
[  160.044766][ T3165]  dentry_unlink_inode+0x1f3/0x210
[  160.049870][ T3165]  __dentry_kill+0x28b/0x450
[  160.054449][ T3165]  dput+0x203/0x420
[  160.058270][ T3165]  cleanup_mnt+0x265/0x2e0
[  160.062755][ T3165]  __cleanup_mnt+0x15/0x20
[  160.067160][ T3165]  task_work_run+0x8e/0x110
[  160.071656][ T3165]  exit_to_user_mode_prepare+0x13c/0x170
[  160.077278][ T3165]  syscall_exit_to_user_mode+0x16/0x30
[  160.082729][ T3165]  do_syscall_64+0x45/0x80
[  160.087160][ T3165]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  160.093032][ T3165] 
[  160.095354][ T3165] read to 0xffffea000465b180 of 8 bytes by task 3165 on cpu 1:
[  160.102907][ T3165]  dec_zone_page_state+0x13/0x100
[  160.108097][ T3165]  test_clear_page_writeback+0x3ba/0x450
[  160.113817][ T3165]  end_page_writeback+0xa7/0x110
[  160.118740][ T3165]  ext4_finish_bio+0x429/0x490
[  160.123664][ T3165]  ext4_release_io_end+0x98/0x200
[  160.128685][ T3165]  ext4_end_io_rsv_work+0x306/0x360
[  160.133881][ T3165]  process_one_work+0x3e1/0x950
[  160.138719][ T3165]  worker_thread+0x635/0xb90
[  160.143298][ T3165]  kthread+0x1fd/0x220
[  160.147355][ T3165]  ret_from_fork+0x1f/0x30
[  160.151764][ T3165] 
[  160.154090][ T3165] Reported by Kernel Concurrency Sanitizer on:
[  160.161270][ T3165] CPU: 1 PID: 3165 Comm: kworker/u4:4 Not tainted 5.10.0-rc5-syzkaller #0
[  160.169751][ T3165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  160.179809][ T3165] Workqueue: ext4-rsv-conversion ext4_end_io_rsv_work
[  160.186904][ T3165] ==================================================================
[  160.196907][ T3165] Kernel panic - not syncing: panic_on_warn set ...
[  160.205195][ T3165] CPU: 1 PID: 3165 Comm: kworker/u4:4 Not tainted 5.10.0-rc5-syzkaller #0
[  160.215242][ T3165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  160.225819][ T3165] Workqueue: ext4-rsv-conversion ext4_end_io_rsv_work
[  160.232562][ T3165] Call Trace:
[  160.235932][ T3165]  dump_stack+0x116/0x15d
[  160.240247][ T3165]  panic+0x1e7/0x5fa
[  160.244125][ T3165]  ? vprintk_emit+0x2f2/0x370
[  160.248792][ T3165]  kcsan_report+0x67b/0x680
[  160.253299][ T3165]  ? kcsan_setup_watchpoint+0x46a/0x4d0
[  160.259706][ T3165]  ? dec_zone_page_state+0x13/0x100
[  160.264893][ T3165]  ? test_clear_page_writeback+0x3ba/0x450
[  160.270957][ T3165]  ? end_page_writeback+0xa7/0x110
[  160.276054][ T3165]  ? ext4_finish_bio+0x429/0x490
[  160.280981][ T3165]  ? ext4_release_io_end+0x98/0x200
[  160.286855][ T3165]  ? ext4_end_io_rsv_work+0x306/0x360
[  160.292225][ T3165]  ? process_one_work+0x3e1/0x950
[  160.297330][ T3165]  ? worker_thread+0x635/0xb90
[  160.302079][ T3165]  ? kthread+0x1fd/0x220
[  160.306329][ T3165]  ? ret_from_fork+0x1f/0x30
[  160.310942][ T3165]  ? __switch_to+0x14e/0x4c0
[  160.315517][ T3165]  kcsan_setup_watchpoint+0x46a/0x4d0
[  160.320899][ T3165]  dec_zone_page_state+0x13/0x100
[  160.325959][ T3165]  test_clear_page_writeback+0x3ba/0x450
[  160.331591][ T3165]  end_page_writeback+0xa7/0x110
[  160.336644][ T3165]  ext4_finish_bio+0x429/0x490
[  160.341404][ T3165]  ext4_release_io_end+0x98/0x200
[  160.346684][ T3165]  ? ext4_end_io_rsv_work+0x2b0/0x360
[  160.352051][ T3165]  ext4_end_io_rsv_work+0x306/0x360
[  160.357242][ T3165]  process_one_work+0x3e1/0x950
[  160.362087][ T3165]  worker_thread+0x635/0xb90
[  160.366670][ T3165]  ? finish_task_switch+0x81/0x280
[  160.371819][ T3165]  ? process_one_work+0x950/0x950
[  160.376836][ T3165]  kthread+0x1fd/0x220
[  160.380898][ T3165]  ? process_one_work+0x950/0x950
[  160.385993][ T3165]  ? kthread_blkcg+0x80/0x80
[  160.390580][ T3165]  ret_from_fork+0x1f/0x30
[  160.397035][ T3165] Kernel Offset: disabled
[  160.401596][ T3165] Rebooting in 86400 seconds..